
MalHide Trojan

Posted: May 29, 2018

The MalHide Trojan is a threat that hijacks your PC for circulating spam e-mail. Although this threat's payload directs itself towards other targets, its presence indicates a security breach of your PC and the possibility of criminals exerting their control over it for a variety of crimes. Use your anti-malware programs to find and remove a MalHide Trojan, which operates without any readily visible symptoms.

The Mail that Your Infected Computer Hides

Threat actors are 'recruiting' new victims into being unwilling and unknowing assistants to their crimes, which involve compromising third-party businesses for unknown purposes. This campaign uses a foundation of spam e-mails for compromising arbitrary PCs with a MalHide Trojan, which establishes a limited set of Command & Control functions without showing anything to the user. The MalHide Trojan's outward-facing payload also involves spam e-mails, and could, in theory, include self-propagation for circulating the Trojan itself.

The first e-mail message carries disguised Word documents and includes significant obfuscation to conceal its identity as harmful spam from both anti-spam filters and different brands of security solutions. At this date, malware experts are seeing only Italian variants of this attack. Users opening the attachment will receive a prompt to 'Enable Content,' and, when doing so, will trigger a corrupted macro exploit.

The macro launches an obfuscated set of PowerShell instructions that download and run the MalHide Trojan's executable from any one of a series of rotating URLs. The MalHide Trojan, then, establishes a hidden SMTP relay on the machine while taking configuration data for its attacks from a remote C&C server. Afterward, the PC may send out spam e-mail-based attacks to third-party targets at the discretion of the threat actors, without showing any signs of these additional activities.
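The infection chain described above has two stages a defender can look for independently: an Office application spawning PowerShell with loader-style switches, and a workstation that suddenly speaks SMTP to the Internet even though it is not a mail server. The following is an added detection example, not code from the original article or from any vendor; the process records, firewall lines, host-to-IP inventory and the "sanctioned mail relay" address are all constructed for illustration, and the PowerShell switch patterns are generic indicators rather than anything specific to this campaign.

```python
import re

# Constructed sample telemetry (not from the original page). The first record
# mimics a Sysmon-style process-creation event in which Word spawns PowerShell;
# the second is a benign admin script launched from Explorer.
SAMPLE_PROCESS_EVENTS = [
    {
        "host": "WS-0417",
        "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAo...",  # constructed, truncated
    },
    {
        "host": "WS-0203",
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1",
    },
]

# Constructed firewall connection records. Only 10.20.1.8 is a sanctioned
# mail relay; workstations have no business speaking SMTP to the Internet.
SAMPLE_CONN_EVENTS = [
    "2018-05-29T10:14:02Z src=10.20.5.17 dst=203.0.113.40 dport=25 proto=tcp action=allow",
    "2018-05-29T10:14:03Z src=10.20.5.17 dst=198.51.100.9 dport=25 proto=tcp action=allow",
    "2018-05-29T10:15:11Z src=10.20.1.8 dst=203.0.113.99 dport=587 proto=tcp action=allow",
    "2018-05-29T10:15:40Z src=10.20.5.22 dst=192.0.2.7 dport=443 proto=tcp action=allow",
]

SANCTIONED_MAIL_HOSTS = {"10.20.1.8"}  # assumption: the organisation's real mail relay
HOST_TO_IP = {"WS-0417": "10.20.5.17", "WS-0203": "10.20.5.22"}  # constructed asset inventory
SMTP_PORTS = {25, 465, 587}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Switches and cmdlets commonly seen in obfuscated PowerShell loaders:
# encoded command, hidden window, in-memory download and evaluation.
PS_SUSPICIOUS = re.compile(
    r"-e(?:nc(?:odedcommand)?)?\b|-w(?:indowstyle)?\s+hidden|downloadstring|downloadfile|\biex\b|invoke-expression",
    re.IGNORECASE,
)
CONN_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def _basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_spawned_powershell(events):
    """Return (host, [indicators]) for every PowerShell process whose parent is an Office app."""
    hits = []
    for ev in events:
        if _basename(ev["parent"]) in OFFICE_PARENTS and _basename(ev["image"]) in POWERSHELL_IMAGES:
            indicators = sorted({m.group(0).lower() for m in PS_SUSPICIOUS.finditer(ev["cmdline"])})
            hits.append((ev["host"], indicators))
    return hits


def unexpected_smtp_talkers(lines, sanctioned=SANCTIONED_MAIL_HOSTS):
    """Map each non-mail-server source IP to the distinct SMTP destinations it contacted."""
    by_src = {}
    for line in lines:
        m = CONN_RE.search(line)
        if not m or int(m["dport"]) not in SMTP_PORTS or m["src"] in sanctioned:
            continue
        by_src.setdefault(m["src"], set()).add(m["dst"])
    return {src: sorted(dsts) for src, dsts in by_src.items()}


def correlate(process_events, conn_lines, host_to_ip=HOST_TO_IP):
    """Hosts that show both stages: Office-launched PowerShell and unexpected outbound SMTP."""
    ps_hosts = {host for host, _ in office_spawned_powershell(process_events)}
    smtp_ips = set(unexpected_smtp_talkers(conn_lines))
    return sorted(h for h in ps_hosts if host_to_ip.get(h) in smtp_ips)


if __name__ == "__main__":
    print("Office -> PowerShell:", office_spawned_powershell(SAMPLE_PROCESS_EVENTS))
    print("Unexpected SMTP talkers:", unexpected_smtp_talkers(SAMPLE_CONN_EVENTS))
    print("Both stages on:", correlate(SAMPLE_PROCESS_EVENTS, SAMPLE_CONN_EVENTS))
```

Either stage alone is worth an alert; the correlation step exists because a workstation that both launched PowerShell from Word and then started relaying mail matches the page's description of the chain closely enough to justify isolating the host first and asking questions afterwards. The simplest preventive counterpart is an egress rule that blocks ports 25, 465 and 587 from every host except the sanctioned relays, which turns the second stage from a detection into a hard failure for the Trojan.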

Pulling Your PC Out of a Hidden Web of E-Mail Fraud

At this time, the MalHide Trojan is in use as an enabler for attacks against business employees by sending forged CEO messages with highly specific information pertinent to the target. Similar infection vectors also are in use for the crimes of file-locking and ransoming Trojans like the Globe Ransomware, spyware programs that collect data, and industrial saboteurs like Enfal and the LURID downloader campaign. The abuse of Word macro-based content also is a recurring factor, and all PC users should reconsider enabling any content of this category without confirming the authenticity of a document.
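Because the attachments arrive as "disguised" Word documents, the file extension says little; what matters is whether the package actually carries a VBA project, which is what the 'Enable Content' prompt would execute. The following added example (not code from the original article) inspects an Office file by content rather than by name: modern .docx/.docm files are ZIP containers, and a VBA project lives in a `vbaProject.bin` part. The sample documents are constructed in memory so the check runs offline; the OLE2 header bytes are the well-known signature of legacy binary .doc files, which this check flags for a dedicated OLE parser rather than attempting to read.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy binary Office (.doc/.xls) files
MACRO_CONTENT_TYPE = "macroenabled"               # appears in [Content_Types].xml of .docm/.xlsm


def build_sample_document(with_macro):
    """Construct a minimal OOXML container in memory (a stand-in for a real .docx/.docm)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real files store a compiled VBA project here; a stub OLE header suffices for the check.
            z.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def classify_office_file(data):
    """Classify a file by content, ignoring its extension.

    'vba'        OOXML package that carries a VBA project (would prompt 'Enable Content')
    'clean'      OOXML package without a VBA project
    'legacy-ole' binary .doc/.xls; needs an OLE parser (e.g. oletools' olevba) for a verdict
    'not-office' anything else
    """
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            lowered = [n.lower() for n in names]
            content_types = ""
            if "[Content_Types].xml" in names:
                content_types = z.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return "not-office"
    if any(n.endswith("vbaproject.bin") for n in lowered) or MACRO_CONTENT_TYPE in content_types:
        return "vba"
    return "clean"


if __name__ == "__main__":
    for label, blob in [("macro document", build_sample_document(True)),
                        ("plain document", build_sample_document(False)),
                        ("legacy .doc header", OLE2_MAGIC + b"\x00" * 504),
                        ("random bytes", b"MZ\x90\x00")]:
        print(f"{label}: {classify_office_file(blob)}")
```

A mail gateway or endpoint script that runs this over every attachment before it reaches a user gives the "confirm the authenticity of a document" advice a concrete gate: a 'vba' verdict on an unsolicited invoice or CV is reason enough to quarantine it, while a 'legacy-ole' verdict means the file still needs a proper VBA extractor before it can be called clean.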

The SMTP-based spam that the MalHide Trojan transmits doesn't target the infected PC but hijacks the PC's resources for criminal purposes. However, since sending spam e-mail is significantly less resource-intensive than other attacks, such as cryptocurrency mining, the user may notice no performance issues or other discrepancies. Malware experts recommend double-checking downloads for potential threats and using full system scans from trusted anti-malware products for removing any MalHide Trojan infection.

Cyber-crime frequently depends on the inattention of random strangers to achieve its goals. No one should appreciate being the middle-man in a MalHide Trojan spamming campaign, even if the worst of its consequences are pointing somewhere else.
