Research

A few words about the HLux botnet

Today my colleague Jorge Mieres found some interesting information related to the new HLux botnet.

This new worm is propagating via e-mail with a backboned administration through a crimeware pack called BOMBA. The scam messages come with a message to a fake eCard requiring installing Flash Player (an old scammers trick).

After the infection, the newly installed malware downloads a malicious update which is detected by Kaspersky as Email-Worm.Win32.Hlux.c and establishes a connection with BOMBA’s server reporting statistics about the infection.

Our statistics for Jan 5 show countries with the highest infection attempts are the U.S., Germany and the U.K.

We’ll keep researching this issue and will keep you updated.

A few words about the HLux botnet

Your email address will not be published. Required fields are marked *

 

Reports

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox