“Hornet's Nest”: A six-in-one malware

  • The six malware found were a mix of cryptominers, info stealers, cryptostealer, and a backdoor.
  • Researchers warn that owing to its destructive attack strategy, it might be a threat designed especially for enterprises.

Researchers have uncovered a new malware campaign targeting organizations in the U.S. and Europe with an attack that deploys a six-in-one malware. They dubbed the malware “Hornet’s Nest.”

About the malware

Researchers from Deep Instinct have discovered this nasty arsenal.

  • The six malware found were a mix of cryptominers, info stealers, cryptostealer, and a backdoor.
  • The primary payload is a dropper, written in MS Visual C++ 8, and bears signs of active modification.
  • It is suspected that it may have been developed by a Russian speaker as the code shows a few traces of comments and UI written in Russian.

Researchers said, “Such volume and variety are uncommon in the general landscape and are highly suggestive of a dropper-for-hire campaign.”

Dissecting the six malware elements

  • Vidar – Targets all sorts of personal information, including data stored in Two-Factor Authentication (2FA) software.
  • Predator the Thief – Steals data and can capture images using the victim’s webcam.
  • Raccoon Stealer – Bypasses Microsoft and Symantec anti-spam messaging gateways.
  • Crypto Stealer – A PowerShell-based cryptocurrency stealer which allows an attacker to steal from a victim’s bitcoin wallet.
  • Crypto Miner – Exploits the victim’s computer and its processing power to help mine cryptocurrency over a longer period.
  • RDP Backdoor – Provides an attacker entry into the victim’s compromised machine, allowing an attacker to execute additional attacks in the future.

Researchers warn that owing to its destructive attack strategy, it might be a threat designed especially for enterprises.

Closing lines

The campaign isn't the most sophisticated one, but, considering all the types of data that could be compromised, a multi-pronged attack of this kind can be a nightmare for an organization's security team, researchers noted.

Nevertheless, organizations can employ basic security measures to avoid falling victim to this malware. Applying patches and protecting open ports go a long way toward keeping the business running smoothly.