Houdini Malware Used in New Way

silversurfer

Researchers at SASE platform provider Cato Networks say they have discovered a novel use of the Houdini malware variant for spoofing of devices.

The findings were reported in Cato's second-quarter analysis report, the Cato Networks SASE Threat Research Report Q2-2021. The researchers analyzed 263 billion enterprise network flows between April and June 2021 for the report.

New Use of Houdini

Spoofing device IDs has been a top priority for attackers, evolving from simple point solutions to cloud-based services, the report says. The Cato Networks research suggests that device identity spoofing threatens to become far more prevalent.

"Houdini is a well-known RAT, but our research shows this particular use is novel. Houdini exfiltrated data within the user agent field, an approach often undetected by legacy security systems. Cato Research Labs only identified such threats by cross-correlating security and network information," the report says.

Popular with Middle Eastern and North African threat actors, Houdini is widely available for download in numerous Arabic language hacking forums for a low price or free, the report says. Spoofing as a service is one such purchase avenue, in which cybercrime forums provide virtual or physical machines based on specified requirements for attackers to use to launch an attack.

While the malware, and its worm-like spreading mechanism, is not a new threat, its new capabilities illustrate the lengths malware writers will go to when attempting to remain hidden from point solutions, the report says.
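
An added example, not from the Cato report or the original post: a detection heuristic for data carried in the User-Agent field, combining the header's structure with how many clients send that value. The log records, the delimiter layout of the suspicious value and the function name are assumptions; the page does not give the real format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample proxy records (client_ip, user_agent); not real traffic.
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36")
SAMPLE_LOG = [
    ("10.0.0.5", CHROME),
    ("10.0.0.6", CHROME),
    ("10.0.0.7", "curl/7.68.0"),
    ("10.0.0.8", "curl/7.68.0"),
    ("10.0.0.4", "Microsoft-CryptoAPI/10.0"),  # rare but well-formed
    # Assumed layout: host details packed into the header with a repeated delimiter.
    ("10.0.0.9", "A1B2C3D4<|>WKSTN-042<|>jdoe<|>Windows 7<|>false"),
]

# Simplified form of the RFC 7231 "product/version" token that opens a normal User-Agent.
PRODUCT = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`~-]+/\S+")
# Runs of punctuation that ordinary browser and tool User-Agents do not contain.
ODD_DELIM = re.compile(r"[^A-Za-z0-9\s/.;:(),_+-]+")

def find_suspicious_user_agents(records, min_fields=4):
    """Return (client_ip, user_agent, reasons) for values that fail all three checks."""
    clients = defaultdict(set)
    for ip, ua in records:
        clients[ua].add(ip)

    findings = []
    for ua, ips in clients.items():
        reasons = []
        if not PRODUCT.match(ua):
            reasons.append("no product/version token")
        delims = Counter(ODD_DELIM.findall(ua))
        # n occurrences of one delimiter split the value into n + 1 fields.
        if delims and delims.most_common(1)[0][1] + 1 >= min_fields:
            reasons.append("delimiter-separated fields")
        if len(ips) == 1:
            reasons.append("seen from one client only")
        # Rarity alone is noisy; require the structural anomalies as well.
        if len(reasons) == 3:
            findings.append((sorted(ips)[0], ua, reasons))
    return findings

if __name__ == "__main__":
    for ip, ua, reasons in find_suspicious_user_agents(SAMPLE_LOG):
        print(ip, ua, reasons)
```
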