The Himera Loader is a threat that is offered online as ‘commodity malware.’ Many cybercriminals create threats with no intention of using them personally. Instead, they offer them online to other malicious actors. Threats sold as malware-as-a-commodity can be either rented or purchased. In the case of the Himera Loader, anyone willing to pay 700 Rubles (less than $10) can get their hands on this threat. The advertisements promoting the Himera Loader are all written in Russian, so it is likely that the creators of this threat originate from Russia, and they appear to be selling it to other malicious actors in the region.

As soon as the Himera Loader compromises a host, it begins collecting data about the host’s software, hardware, OS and system settings. The collected information is then transferred to the C&C (Command & Control) server of the Himera Loader’s operators. The Himera Loader also gains persistence on the infected host to ensure that it runs whenever the victim boots the system. After studying the information provided by the Himera Loader, the attackers can use the threat to deliver a secondary payload of their choice. The Himera Loader operates very silently, and it may remain present on the user’s system for prolonged periods.

The Himera Loader, like other threats of this type, is capable of evading some security measures to protect itself. However, if you have installed a genuine, up-to-date anti-malware solution, the Himera Loader would stand no chance.


