Helminth

By GoldSparrow in Malware

Translate To:

The Helminth backdoor is an update to a previous malware campaign named OilRig that was attacking Saudi Arabia organizations a while ago. With this update, the perpetrators of the Helminth backdoor are trying to invade governmental institutions in the US, Turkey and Israel. The Helminth backdoor communicates with its Command and Control servers by using the DNS tunneling, to receive commands of the tasks it will perform once inside an infected machine. The criminals can use the backdoor to collect and transfer data.

The Helminth backdoor has two versions: one that is an independent Windows executable and another written in VBScript and Powershell that is installed on the targeted machine through a macro found inside Excel spreadsheets. Both use very similar Command and Control protocols that permit the management of the compromised hosts. However, it looks like that Helminth has additional, posterior variants. The Helminth can invade a computer by using different delivery methods, which a dedicated and up-to-date malware scanner can intercept and disable before it can start causing harm to the affected machine and its controllers.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Helminth

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen