
Hoardy

Posted: December 11, 2019

Hoardy is a backdoor Trojan that was used by the Flea hacking group to target government officials ahead of the G20 Summit that took place in 2014. That is certainly not the only case in which this Trojan was employed against high-profile targets: the malware has a wide range of capabilities that make it well suited to attacks in which the perpetrators want full control over the compromised host. Attacks involving the Hoardy backdoor tend to have a relatively short lifespan, which suggests that the attackers aim to exfiltrate data over a short period and then move on to their next target.

The group behind the Hoardy backdoor frequently relies on carefully crafted fraudulent email messages that carry a malicious Microsoft Office document. The document contains decoy content that may pass for legitimate and important, but the threatening part is hidden in the background: the document silently executes a macro script, and that script decodes and assembles the Hoardy backdoor payload.

Once launched, the Hoardy Trojan gains persistence by modifying the Windows Registry, and it often disguises itself under the name of a legitimate Windows service. The Trojan then connects to one of its pre-defined Command & Control servers, collects some basic system details, and sends them to the attacker's server to register the compromised host. Once these steps are complete, the operator of the Hoardy backdoor can perform the following tasks on the victim's machine:

  • Update or disable the Hoardy backdoor.
  • Execute remote commands.
  • Download and execute files from a specified URL.
  • Upload and execute files from the attacker's server.
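The infection chain described above (an Office document that builds and launches a payload, a Registry-based persistence entry, a service-like name, and an outbound connection to a C2 server) is easy to describe as a behavioural detection. The following script is an added example written for this page, not code from the original article or from any vendor product. It correlates constructed, simplified endpoint events (a made-up `key=value` format, not real Sysmon output) per host and flags a process that was spawned by an Office application, was then registered under a `Run` key, and afterwards made a network connection. The host names, paths, registry value name and IP addresses are all constructed sample data; the page gives no Hoardy-specific indicators, so none are used here.

```python
"""Behavioural detector for an Office-macro dropper with Run-key persistence.

Added example: correlates constructed endpoint events by host and flags the
chain  Office parent -> dropped executable -> Run-key persistence -> beacon.
All event data, paths and addresses below are constructed for illustration.
"""
import ntpath
import re
from collections import defaultdict

# Office applications that normally should not spawn new executables.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Legitimate Windows service binaries that malware likes to impersonate by name.
WINDOWS_SERVICE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "spoolsv.exe"}
# Autostart locations under HKCU/HKLM ...\CurrentVersion\Run\<name>.
RUN_KEY_RE = re.compile(r"\\currentversion\\run\\", re.IGNORECASE)
# Where the genuine service binaries live.
SYSTEM_DIR_RE = re.compile(r"^c:\\windows\\(system32|syswow64)\\", re.IGNORECASE)

# Constructed sample telemetry (simplified, not a real Sysmon export).
SAMPLE_EVENTS = [
    "host=WS01 type=ProcessCreate parent=WINWORD.EXE image=C:\\Users\\a\\AppData\\Local\\Temp\\svchost.exe",
    "host=WS01 type=RegistrySet key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdateSvc "
    "value=C:\\Users\\a\\AppData\\Local\\Temp\\svchost.exe",
    "host=WS01 type=NetworkConnect image=C:\\Users\\a\\AppData\\Local\\Temp\\svchost.exe dest=203.0.113.10:443",
    # Benign host: the real svchost.exe started by explorer and talking to the network.
    "host=WS02 type=ProcessCreate parent=explorer.exe image=C:\\Windows\\System32\\svchost.exe",
    "host=WS02 type=NetworkConnect image=C:\\Windows\\System32\\svchost.exe dest=203.0.113.20:443",
]


def parse_event(line):
    """Turn 'k=v k=v ...' into a dict with lower-cased keys (values untouched)."""
    return {k.lower(): v for k, v in re.findall(r"(\w+)=(\S+)", line)}


def masquerades_as_service(image):
    """True if the file name is a well-known service binary but lives outside the system directory."""
    name = ntpath.basename(image).lower()
    return name in WINDOWS_SERVICE_NAMES and not SYSTEM_DIR_RE.match(image)


def analyze(lines):
    """Return {host: [finding, ...]} for hosts showing the full dropper chain."""
    per_host = defaultdict(lambda: {"office_spawned": set(), "persisted": set(), "beaconing": set()})
    for line in lines:
        ev = parse_event(line)
        host, kind = ev.get("host"), ev.get("type")
        if kind == "ProcessCreate" and ev.get("parent", "").lower() in OFFICE_PARENTS:
            per_host[host]["office_spawned"].add(ev.get("image", "").lower())
        elif kind == "RegistrySet" and RUN_KEY_RE.search(ev.get("key", "")):
            per_host[host]["persisted"].add(ev.get("value", "").lower())
        elif kind == "NetworkConnect":
            per_host[host]["beaconing"].add(ev.get("image", "").lower())

    findings = {}
    for host, stages in per_host.items():
        # An Office-spawned executable that also registered itself for autostart.
        for image in sorted(stages["office_spawned"] & stages["persisted"]):
            findings.setdefault(host, []).append({
                "image": image,
                "beacons": image in stages["beaconing"],
                "masquerade": masquerades_as_service(image),
            })
    return findings


if __name__ == "__main__":
    for host, hits in analyze(SAMPLE_EVENTS).items():
        for hit in hits:
            print(f"{host}: {hit['image']} persisted via Run key, "
                  f"beacons={hit['beacons']}, masquerades_as_service={hit['masquerade']}")
```

Only WS01 is reported: the dropped `svchost.exe` in a user's Temp directory was spawned by WINWORD.EXE, written to a `Run` key, and then connected out, and its name collides with a genuine service binary. WS02 shows the real `svchost.exe` under System32 with no Office parent and no autostart write, so it produces nothing. Real deployments would read the same three event types from Sysmon (event IDs 1, 13 and 3) or an EDR rather than from constructed strings.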

Although Hoardy ended up being used against high-profile targets, it is certainly not impressive in terms of functionality. Top-tier malware is usually difficult to analyze and packs a broad range of anti-debugging and obfuscation measures to make the life of malware researchers harder. Thankfully, this is not the case with Hoardy: cybersecurity experts dismantled it quickly, and reputable anti-virus engines can identify and terminate this threat with ease.
