By GoldSparrow in Malware

The HIPSTING threat appears to be a backdoor Trojan that belongs to an APT (Advanced Persistent Threat). This Trojan is a custom-built threat that operates very silently to avoid detection.

Malware researchers first spotted this threat back in 2013. After analyzing this threat, security experts found striking similarities between the HIPSTING Trojan and the TEMPFUN malware. However, after looking further into both threats, it became clear that the HIPSTING malware and the TEMPFUN Trojan were spawned by two different APTs that were likely using the same sources when building their malicious creations.

When the HIPSTING backdoor Trojan compromises a targeted PC, it will first connect to its operators’ C&C (Command & Control) server. Next, the threat will start collecting information regarding the infected system’s settings, hardware and software. All the gathered data will be encrypted swiftly and then transferred to the aforementioned C&C server. The HIPSTING Trojan is able to execute remote commands sent by the C&C server of the attackers. This Trojan is capable of downloading an update for itself from a genuine blog, which is hosted on WordPress.com. It is likely that this capability of the HIPSTING Trojan is no longer available, as the developers of WordPress are not likely to allow any malicious activity to be hosted on their servers.

To avoid falling victim to threats like the HIPSTING backdoor Trojan, make sure to update all your applications regularly. Also, do not forget to install a reputable anti-virus solution that will keep your PC safe.


Most Viewed