HP today issued its latest Threat Insights Report, revealing how attackers are refining campaigns with professional-looking animations and purchasable malware services. HP Threat Researchers warn that these campaigns mix convincing visuals, well known hosting platforms like Discord, and regularly updated malware kits to evade detection by users and detection tools. The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security, notable campaigns identified by the HP Threat Research Team include:
- DLL sideloading slips past endpoint security scanners: Attackers impersonating the Colombian Prosecutor’s Office emailed fake legal warnings to targets. The lure directs users to a fake government website, which displays a slick auto-scroll animation guiding targets to a “one-time password”, tricking them into opening the malicious password-protected archive file.
- The file – once opened – launches a folder that includes a hidden, maliciously modified dynamic link library (DLL). This installs PureRAT malware in the background, giving attackers full control of a victim’s device. The samples were highly evasive. On average, only 4 per cent of related samples were detected by anti-virus tools.
- Fake Adobe update installs remote access tool: A fake Adobe-branded PDF redirects users to a fraudulent site that pretends to update their PDF reader software. A staged animation shows a spoofed installation bar that mimics Adobe. This tricks users into downloading a modified ScreenConnect executable – a legitimate remote access tool – which connects back to attacker-controlled servers, so they can hijack the compromised device.
- Discord malware dodges Windows 11 defences: Threat actors hosted their payload on Discord to avoid building their own infrastructure and piggybacked off the positive domain reputation of Discord. Before deployment, the malware patches Windows 11’s Memory Integrity protection to bypass this security feature. The infection chain then delivers Phantom Stealer, a subscription-based infostealer sold on the hacking marketplaces with ready-made credential and financial theft features that update frequently to evade modern security tools.
Alongside the report, the HP Threat Research Team has published a blog analyzing the threat of session cookie hijacking attacks, the use of stolen credentials in intrusions and the proliferation of infostealer malware. Rather than stealing passwords or bypassing multi-factor authentication (MFA), attackers are hijacking the cookies that prove a user is already logged in, giving them instant access to sensitive systems. HP analysis of publicly reported attack data found that over half (57%) of the top malware families in Q3 2025 were information stealers, a type of malware that typically has cookie theft capabilities.By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 55 billion email attachments, web pages, and downloaded files with no reported breaches.The report, which examines data from July – September 2025, details how cybercriminals continue to diversify attack methods to bypass security tools that rely on detection, such as:
- At least 11% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
- Archive files were the most popular delivery type (45%), seeing a 5% point rise over Q2, with attackers increasingly using malicious .tar and .z archive files to target users.
- In Q3, 11% of threats stopped by HP Wolf Security were PDF files, growing 3% points over the previous quarter.
Please visit the Threat Research blog to view the report.
Like this:
Like Loading...
Related
This entry was posted on December 11, 2025 at 8:27 am and is filed under Commentary with tags HP. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Malware in Motion: Animated Lures Trick Users into Infecting Their PCs
HP today issued its latest Threat Insights Report, revealing how attackers are refining campaigns with professional-looking animations and purchasable malware services. HP Threat Researchers warn that these campaigns mix convincing visuals, well known hosting platforms like Discord, and regularly updated malware kits to evade detection by users and detection tools. The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security, notable campaigns identified by the HP Threat Research Team include:
Alongside the report, the HP Threat Research Team has published a blog analyzing the threat of session cookie hijacking attacks, the use of stolen credentials in intrusions and the proliferation of infostealer malware. Rather than stealing passwords or bypassing multi-factor authentication (MFA), attackers are hijacking the cookies that prove a user is already logged in, giving them instant access to sensitive systems. HP analysis of publicly reported attack data found that over half (57%) of the top malware families in Q3 2025 were information stealers, a type of malware that typically has cookie theft capabilities.By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 55 billion email attachments, web pages, and downloaded files with no reported breaches.The report, which examines data from July – September 2025, details how cybercriminals continue to diversify attack methods to bypass security tools that rely on detection, such as:
Please visit the Threat Research blog to view the report.
Share this:
Like this:
Related
This entry was posted on December 11, 2025 at 8:27 am and is filed under Commentary with tags HP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.