TxHollower

There is a certain type of malware, called Trojan Loaders, which have their code so obfuscated that they manage to bypass the security checks of many anti-malware tools. On their own, Trojan Loaders do not possess any malicious features, but they are used as a backdoor through which the attackers can plant much more dangerous threats on the compromised host. Trojan Loaders are fairly similar to another type of threat – the Trojan Downloaders. However, Trojan Downloaders tend to download the malicious payload that is meant to be planted on the host from a remote server, while the Trojan Loaders carry the payload themselves.

Uses Doppleganging and Hollowing Techniques

Recently, malware researchers spotted a new Trojan Loader named TxHollower. There are reports that the TxHollower Trojan Loader has already been employed in several campaigns and has been used to deliver highly-weaponized malware like FormBook and LokiBot. The TxHollower Trojan Loader attempts to bypass security measures by using techniques known as process doppelganging and process hollowing. Essentially, their purpose is identical - to trick the system and anti-virus software into thinking that a malicious program is actually a legitimate and trustworthy process.

Detects Anti-Malware Tools

The TxHollower is able to sniff out any anti-malware tools that may be present on the user's PC and based on this information, the threat is able to determine whether it can carry out the attack successfully. If it determines that it cannot, it will immediately halt its activity as continuing would be a fruitless endeavor.

It is absolutely crucial that you have a reputable anti-malware application installed on your system because threats like the TxHollower are always looking for new victims. Also, make sure you regularly update all the software present on your computer.