HP Reveals Cybercriminals’ New Tactic: Malware ‘Meal Kits’ Threatening Business Security


The latest HP Wolf Security Threat Insights Report highlights a concerning trend: the rise of pre-packaged malware kits in cybercriminal marketplaces. These “meal kits” are providing even low-level attackers with sophisticated tools to evade detection and compromise organizational security. The report draws data from millions of endpoints equipped with HP Wolf Security,

Retro Malware with a Modern Twist

One of the key revelations of the report is the resurgence of older malware forms, now repackaged with modern evasion capabilities. For instance, a recent campaign, dubbed “Houdini’s Last Act,” used fake shipping documents embedded with Vjw0rm JavaScript malware. This malware, despite being a decade old, successfully bypassed email defenses thanks to its obfuscated code. Such campaigns demonstrate the continued effectiveness of vintage malware when coupled with contemporary cybercrime tools.

“Jekyll and Hyde” Attacks and Affordable Cybercrime Kits

Another alarming development is the emergence of “Jekyll and Hyde” attacks. In one identified campaign involving the Parallax RAT (Remote Access Trojan), attackers launched two threads when users opened a malicious scanned invoice. While one thread displayed a legitimate-looking invoice, the other ran the malware in the background. Such attacks have become more accessible, with pre-packaged Parallax kits being advertised on hacking forums for as little as $65 USD per month.

Alex Holland, Senior Malware Analyst at HP Wolf Security, notes, “Threat actors today can easily purchase pre-packaged, user-friendly malware ‘meal kits’, that infect systems with a single click. Instead of creating their own tools, low-level cybercriminals can access kits that use living-off-the-land tactics. These stealthy in-memory attacks are often harder to detect due to security tool exclusions for admin use, like automation.”

Deception in the Cybercriminal World

The report also sheds light on the deceptive practices within the cybercriminal community. Attackers are reportedly setting traps for aspiring cybercriminals by hosting fake malware-building kits on platforms like GitHub. These traps lead the would-be attackers to infect their own machines. Despite the availability of popular malware kits like XWorm for $500 USD, many resource-strapped cybercriminals fall for these fake, cracked versions.

Insights from HP Wolf Security

HP Wolf Security’s unique approach involves isolating threats on PCs in a safe manner, allowing malware to detonate without causing harm. This method has provided HP with specific insights into cybercriminal techniques. Remarkably, HP Wolf Security customers have interacted with over 30 billion email attachments, web pages, and downloaded files without a single reported breach.

Diversified Cyber Attack Methods

The report further details the evolving tactics of cybercriminals:

  • Archives remain the most popular malware delivery method, used in 36% of cases.
  • Macro-enabled Excel add-in threats (.xlam) have risen significantly in popularity.
  • At least 12% of email threats bypassed email gateway scanners.
  • Q3 saw a notable increase in attacks using Excel (91%) and Word (68%) exploits.
  • PDF threats rose by 5 percentage points compared to the previous quarter.
  • The primary threat vectors were email (80%) and browser downloads (11%).

Holland emphasizes the importance of proactive measures: “To counter pre-packaged malware kits, businesses should isolate high-risk activities like opening email attachments and clicking links. This minimizes breach potential by reducing the attack surface.”

HP Wolf Security’s application isolation technology is a pivotal defense against threats that bypass conventional security tools, offering unique insights into intrusion techniques and threat actor behavior.

This data was collated from consenting HP Wolf Security customers during July-September 2023, providing a comprehensive view of current cybersecurity threats and trends.



Joshua Sophy is the Editor for Small Business Trends and has been a member of the team for 16 years. A professional journalist with 20 years of experience in traditional media and online media, he attended Waynesburg University and is a member of the Society of Professional Journalists. He has held roles of reporter, editor and publisher, having founded his own local newspaper, the Pottsville Free Press.