Houdini Malware Used in New Way


Aug 17, 2014
Researchers at SASE platform provider Cato Networks say they have discovered a novel use of the Houdini malware variant for spoofing of devices.

The findings were reported in Cato's second-quarter analysis report, the Cato Networks SASE Threat Research Report Q2-2021. The researchers analyzed 263 billion enterprise network flows between April and June 2021 for the report.

New Use of Houdini

Spoofing device IDs has been a top priority for attackers, evolving from simple point solutions to cloud-based services, the report says. The Cato Networks research suggests that device identity spoofing threatens to become far more prevalent.

"Houdini is a well-known RAT, but our research shows this particular use is novel. Houdini exfiltrated data within the user agent field, an approach often undetected by legacy security systems. Cato Research Labs only identified such threats by cross-correlating security and network information," the report says.

Popular with Middle Eastern and North African threat actors, Houdini is widely available for download in numerous Arabic-language hacking forums for a low price or free, the report says. Spoofing as a service is one such purchase avenue, in which cybercrime forums provide virtual or physical machines based on specified requirements for attackers to use to launch an attack.

While the malware, and its worm-like spreading mechanism, is not a new threat, its new capabilities illustrate the lengths malware writers will go to when attempting to remain hidden from point solutions, the report says.
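
As an added illustration (not from the Cato report or the original post), here is one way a defender could hunt for data carried in the User-Agent field by correlating proxy records with asset inventory. The inventory, the flow records and the pipe-delimited User-Agent value are constructed samples, not the actual Houdini format.

```python
import re
from collections import defaultdict

# A well-formed User-Agent starts with a product token such as
# "Mozilla/5.0" or "curl/8.4.0" (RFC 9110 product/version syntax).
PRODUCT = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+/[\w.+-]+")

# Constructed asset inventory: source IP -> identifiers known for that device.
INVENTORY = {
    "10.0.0.15": {"hostname": "WKSTN-042", "user": "jdoe"},
    "10.0.0.22": {"hostname": "WKSTN-077", "user": "asmith"},
}

# Constructed proxy records: (source IP, destination, User-Agent).
FLOWS = [
    ("10.0.0.15", "example.com", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"),
    ("10.0.0.15", "updates.example.net", "curl/8.4.0"),
    ("10.0.0.15", "203.0.113.7", "A1B2C3D4|WKSTN-042|jdoe|Windows 7|false"),
    ("10.0.0.22", "example.org", "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"),
]

def ua_findings(src_ip, user_agent, inventory=INVENTORY):
    """Return the reasons a User-Agent value looks like a data carrier."""
    reasons = []
    if not PRODUCT.match(user_agent):
        reasons.append("no-product-token")
    # Correlate with inventory: a browser has no reason to send the
    # device's own hostname or logged-in account in this header.
    for field, value in inventory.get(src_ip, {}).items():
        # Skip very short identifiers to limit accidental substring hits.
        if len(value) >= 4 and value.lower() in user_agent.lower():
            reasons.append(f"embeds-{field}")
    return reasons

def suspicious_flows(flows=FLOWS):
    """Group flagged flows by source IP so an analyst can pivot per device."""
    hits = defaultdict(list)
    for src_ip, dest, ua in flows:
        reasons = ua_findings(src_ip, ua)
        if reasons:
            hits[src_ip].append((dest, reasons))
    return dict(hits)

if __name__ == "__main__":
    for ip, items in suspicious_flows().items():
        print(ip, items)
```

The inventory match is what distinguishes this from a plain signature: it flags device-specific data in the header even when the delimiter or layout is unknown.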
