Malware 'Meal Kits' Are Helping Attackers Steal Businesses' Lunch, HP Finds
HP News, Tuesday, October 31, 2023
Pre-packaged malware kits give attackers all the ingredients to evade detection tools, making it easier to breach organizations and steal sensitive data
HP Inc. (NYSE: HPQ) issued its quarterly HP Wolf Security Threat Insights Report, showing that thriving cybercriminal marketplaces are offering low-level attackers the tools needed to bypass detection and infect users.
Based on data from millions of endpoints running HP Wolf Security, key findings include:
- Houdini's Last Act: A new campaign targeted businesses with fake shipping documents concealing Vjw0rm JavaScript malware. Its obfuscated code allowed the malware to slip past email defenses and reach endpoints. The analyzed attack delivered Houdini, a 10-year-old VBScript RAT. This shows that, with the right pre-packaged tools from cybercrime marketplaces, hackers can still use vintage malware effectively by abusing the scripting features built into operating systems.
- Cybercriminals Deploy 'Jekyll and Hyde' Attacks: HP discovered a Parallax RAT campaign that launches two threads when a user opens a malicious scanned invoice designed to trick users. The 'Jekyll' thread opens a decoy invoice copied from a legitimate online template, reducing suspicion, while the 'Hyde' thread runs the malware in the background. This attack would be easy for threat actors to carry out, as pre-packaged Parallax kits have been advertised on hacking forums for $65 USD per month.
Alex Holland, Senior Malware Analyst in the HP Wolf Security threat research team, comments:...