- Aug 17, 2014
Researchers at SASE platform provider Cato Networks say they have discovered a novel use of the Houdini malware variant for spoofing of devices.
The findings were reported in Cato's second-quarter analysis report, the Cato Networks SASE Threat Research Report Q2-2021. The researchers analyzed 263 billion enterprise network flows between April and June 2021 for the report.
New Use of Houdini
Spoofing device IDs has been a top priority for attackers, evolving from simple point solutions to cloud-based services, the report says. The Cato Networks research suggests that device identity spoofing threatens to become far more prevalent.
"Houdini is a well-known RAT, but our research shows this particular use is novel. Houdini exfiltrated data within the user agent field, an approach often undetected by legacy security systems. Cato Research Labs only identified such threats by cross-correlating security and network information," the report says.
Popular with Middle Eastern and North African threat actors, Houdini is widely available for download in numerous Arabic language hacking forums for a low price or free, the report says. Spoofing as a service is one such purchase avenue, in which cybercrime forums provide virtual or physical machines based on specified requirements for attackers to use to launch an attack.
While the malware, and its worm-like spreading mechanism, is not a new threat, its new capabilities illustrate the lengths malware writers will go to when attempting to remain hidden from point solutions, the report says.
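The cross-correlation the report describes can be sketched as detection logic. This is an added example, not code from Cato Networks or the report: it joins proxy records (security information) with an asset inventory (network information) and flags User-Agent values that carry the sending device's own identifiers. The inventory, log records, field layout and thresholds are constructed assumptions and do not reproduce actual Houdini traffic.

```python
import re
from collections import defaultdict

# Constructed asset inventory: source IP -> identifiers known for that device.
ASSETS = {
    "10.0.4.21": {"hostname": "FIN-LT-0042", "user": "jdoe"},
    "10.0.4.35": {"hostname": "HR-WS-0007", "user": "asmith"},
}
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36")
# Constructed proxy log: (source IP, destination, User-Agent header).
PROXY_LOG = [
    ("10.0.4.21", "intranet.example", CHROME),
    ("10.0.4.35", "intranet.example", CHROME),
    ("10.0.4.35", "updates.example", "curl/7.79.1"),
    ("10.0.4.21", "203.0.113.50", "A1B2C3D4|FIN-LT-0042|jdoe|Windows 10 Pro"),
]
# Legitimate clients normally start the header with a product/version token.
PRODUCT_TOKEN = re.compile(r"^[A-Za-z][\w.\-]*/[\w.\-]+")

def score_user_agent(src_ip, user_agent, assets=ASSETS):
    """Return the reasons a User-Agent looks like a data carrier."""
    reasons = []
    ua_lower = user_agent.lower()
    for field, value in assets.get(src_ip, {}).items():
        # Skip very short identifiers to limit accidental substring matches.
        if len(value) >= 4 and value.lower() in ua_lower:
            reasons.append(f"embeds_{field}")
    if not PRODUCT_TOKEN.match(user_agent):
        reasons.append("no_product_token")
    if user_agent.count("|") >= 3:
        reasons.append("delimited_fields")
    return reasons

def find_suspicious(log=PROXY_LOG, assets=ASSETS, threshold=2):
    """Flag records whose User-Agent trips at least `threshold` checks."""
    sources_per_ua = defaultdict(set)
    for src, _dest, ua in log:
        sources_per_ua[ua].add(src)
    hits = []
    for src, dest, ua in log:
        reasons = score_user_agent(src, ua, assets)
        if len(sources_per_ua[ua]) == 1:  # header seen from one device only
            reasons.append("single_source_ua")
        if len(reasons) >= threshold:
            hits.append((src, dest, reasons))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious():
        print(hit)
```

The `curl` request trips only the single-source check and stays below the threshold, which shows why rarity alone is a weak signal without the inventory match.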
Houdini Malware Used in New Way
DataBreachToday