By GoldSparrow in Malware

The Helminth backdoor is an update to a previous malware campaign named OilRig that was attacking Saudi Arabia organizations a while ago. With this update, the perpetrators of the Helminth backdoor are trying to invade governmental institutions in the US, Turkey and Israel. The Helminth backdoor communicates with its Command and Control servers by using the DNS tunneling, to receive commands of the tasks it will perform once inside an infected machine. The criminals can use the backdoor to collect and transfer data.

The Helminth backdoor has two versions: one that is an independent Windows executable and another written in VBScript and Powershell that is installed on the targeted machine through a macro found inside Excel spreadsheets. Both use very similar Command and Control protocols that permit the management of the compromised hosts. However, it looks like that Helminth has additional, posterior variants. The Helminth can invade a computer by using different delivery methods, which a dedicated and up-to-date malware scanner can intercept and disable before it can start causing harm to the affected machine and its controllers.


Most Viewed