New Report From HP Wolf Security Finds Malware ‘Meal Kits’ Are Helping Attackers Steal Businesses’ Lunch

HP Wolf Security’s latest Quarterly Threat Insights Report for Q3 2023 is out now. It reveals how cybercriminals are using pre-packaged malware kits to evade detection tools and breach organizations. Key findings include:

  • A Vjw0rm campaign carrying out multi-stage attacks from a single malicious JavaScript file: This attack uses a 10-year-old Houdini worm and “living off the land” tactics to remain hidden.
  • A Parallax RAT campaign running a “Jekyll and Hyde” attack – two threads run when a user opens a scanned invoice template. One thread opens the file, while the other runs malware behind the scenes, making it harder for users to tell an attack is in progress.
    • Parallax malware kits are available for $65 a month on hacking forums.

HP also found that attackers are going after their own, “hazing” aspiring cybercriminals by hosting fake malware-building kits on code-sharing platforms like GitHub.

Other findings include:

  • Archives were the most popular malware delivery type for the sixth quarter running, used in 36% of cases analyzed by HP in Q3.
  • Macro-enabled Excel add-in threats (.xlam) rose to the 7th most popular file extension abused by attackers in Q3, up from 46th place in Q2.
  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners in both Q3 and Q2.

The report can be downloaded here. 
