Home » HORNET’S NEST Campaign Delivers Six In One Malware
Cyber Attack

HORNET’S NEST Campaign Delivers Six In One Malware

HORNET’S NEST Campaign Delivers Six In One Malware
HORNET’S NEST Campaign Delivers Six In One Malware

The Researchers have discovered a new malware campaign that targets organizations of US and Europe. The campaign can turn out the Christmas week into a nightmare for the targeted organizations as it is a six in one malware campaign dubbed as “Hornet’s Nest.”

The newly discovered malware is known as Legion Loader that infects the target computer system with not one or two but six malware that can put the privacy and security at huge risk. A deeper research and closer scrutiny at the campaign reveals that the six types of malware that were mixed to create a hornet’s nest were cryptominers, cryptostealer, backdoor and infostealers. The hornet’s nest though exerts a lot of malicious effects on the victim but its main aim gets expressed as a cryptocurrency stealer.


The malware is written in MS Visual C++8 programming language with indications of active modification. Also, various evidences like codes and comments used within the malware prove it to be a Russian origin. The malware is potentially designed to destroy the security layer of organizations and drop variety of information stealers to the host machine. The kind of strategy adapted by the malware as well as the nature of attack clearly depicts that the malware has been designed essentially as a dropper for hire campaign.

Decoding The Six In One Malware

According to the researchers, the elements of the HORNET’S NEST campaign are : Vidar, Predator the Thief, Racoon Stealer, Crypto Stealer , Crypto Miner, and RDP Backdoor.

  • Vidar :It targets the various types of personal information stored in the system. This information might also include all data that are stored in two factor authentication software.
  • Racoon Stealer: Able to create a bypass for itself and omit the anti-spam messaging gateways of Microsoft and Symantec.
  • Crypto Miner: Uses the CPU and GPU power of the attacked computer to silently mine for cyrpto-currency. This continues for a long time and is usually explored when there isn’t much that can be done. Hornet’s nest is an ultimate crypto stealer
  • Predator the Thief: Used to capture images from the victim’s webcam and steal sensitive data.
  • RDP Backdoor: Other than attacking by itself, this malware promotes and facilitates the entry of another attacking agent.  It ensures that in future the other attacker keeps on hampering the normal working of the computer and continue the destruction.
  • Crypto Stealer: Executes PowerShell commands to allow the attacker to steal crytocurrency from the bitcoin wallet of the victim.

Such attacks can be very threatening for the organizations as the real motive behind the development of such malware campaigns is to steal monetary and sensitive information from the victimized computer systems. The hornet’s nest steals all the personal data including the credentials of cryptocurrency wallets from the victim’s system and sells it on the dark web which is potentially beneficial for hackers as a huge source of money.

Prevention Tips

Considering the variety of stealers used in the attack campaign, it is clear that the malware authors targets a large volume of data stored within the systems of organizations. As the landscape of attack is large so as its effects. Thus, the cybersecurity team of the organizations should take a proactive approach to combat the HORNET’S NEST attack.

  • Every employee of the organizations should adopt the basic cyber security measures;
  • Necessary software and system updates should be done and software patches should be applied to fix any bugs;
  • System’s firewall should be updated and insecure ports should be blocked that can allow the entry of HORNET’S NEST campaign- Legion Loader malware.

MUST READ: National Cybersecurity Awareness Month (NCSAM) October 2019 (Guildlines For CyberSecurity)

About the author

UnboxHow Team

If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with us directly on Google Plus, Facebook or Twitter. We would love to hear your thoughts and opinions on our articles directly.

Add Comment

Click here to post a comment