Hancitor Malware Resurfaces With New Methods
Target: Windows machines
Attack Vector: Email containing a malicious attachment, disguised as a PayPal invoice
Summary: While the Hancitor malware is by no means a new threat (it has been observed since the early days of 2017), this week a new variant has been observed with a fresh payload and attack vector. Instead of injecting malware onto a machine by exploiting a vulnerability or brute-forcing a target, threat actors are opting in this instance to use social engineering tactics.
Risk assessment summary: The threat is assessed as 3 - MODERATE. The use of social engineering in this attack is significant as it provides the threat actor with a simpler way to deliver the malware, as well as a higher chance of success due to human behavior. In addition, the malware uses a range of effective techniques to hide from detection, such as Process Hollowing and user-land monitoring evasion. Despite this, an effective Anti-Virus tool should help a user make an informed decision about downloading attachments, as well as flagging the presence of malware on a target machine should an attachment be downloaded.
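As an added illustration of the attack vector described above (not code from the advisory), the following Python mail-triage check flags messages that claim to be a PayPal invoice while arriving from an unrelated sender domain, and lists any attached Office-type files. The sample messages, the legitimate-domain set and the attachment extensions are assumptions for the example.

```python
import email
from email import policy
from email.utils import parseaddr

BRAND = "paypal"
BRAND_DOMAINS = {"paypal.com"}  # assumption: domains the brand legitimately sends from
# assumption: attachment types worth flagging for an invoice-themed lure
OFFICE_EXTS = (".doc", ".docm", ".xls", ".xlsm", ".rtf")

# Constructed sample messages (not taken from the advisory).
LURE = b"""From: "PayPal Billing" <billing@invoice-notify.example>
To: user@corp.example
Subject: Your PayPal invoice is attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice.
--b1
Content-Type: application/msword; name="invoice_7731.doc"
Content-Disposition: attachment; filename="invoice_7731.doc"

dummy
--b1--
"""

LEGIT = b"""From: "PayPal" <service@paypal.com>
To: user@corp.example
Subject: Your PayPal invoice
Content-Type: text/plain

Log in to your account to view the invoice.
"""


def triage(raw: bytes) -> list:
    """Return findings for one raw RFC 822 message; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    # Brand impersonation: the message invokes the brand but is not sent from its domain.
    claims_brand = BRAND in display.lower() or BRAND in subject.lower()
    if claims_brand and not any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS):
        findings.append(f"brand-mismatch: claims {BRAND!r} but sender domain is {domain!r}")
    # Office attachments are the delivery mechanism for an invoice-themed lure.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXTS):
            findings.append(f"office-attachment: {name}")
    return findings
```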