Cylance vs. Hacker’s Door Remote Access Trojan


Hacker’s Door is a remote access trojan (RAT) that has been around for many years. It has recently resurfaced: Cylance analysts discovered a new sample of it during a compromise assessment engagement.

The new sample shares many traits with the old Chinese backdoor Hacker’s Door, released back in 2004 and 2005, but it has been updated to run on current operating systems and modern 64-bit platforms.

Watch the video of Cylance vs. Hacker’s Door:

VIDEO: Cylance vs. Hacker’s Door

Why is Hacker’s Door an Important Issue and Why Should I be Concerned?

Hacker’s Door is a good example of “commoditized” malware: it is sold in private markets by the original author, who provides updates so that the malware continues to run on current systems.

Commoditized malware lets anyone with a little money become a threat to your business. This case also shows that threat actors are comfortable relying on third-party tooling to keep their cost and development time to a minimum.

The newer versions run on current operating systems and platforms and are even signed with stolen code-signing certificates, so they execute without triggering the warnings an unsigned binary would.
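A practitioner's check that follows from this, as an added example that is not from the Cylance post and not Cylance's code: on Windows, Get-AuthenticodeSignature reports "Valid" for any file signed with a certificate that chains to a trusted root, including a stolen one. The script below sweeps a directory and, rather than trusting that status alone, records the signer, compares its thumbprint against an allowlist of publishers you actually expect to see, and rebuilds the signer's chain with online revocation checking. The sweep path and the allowlist thumbprint are placeholders to replace with your own values.

```powershell
# Added example, not from the original post. Audits Authenticode signatures under a path
# and flags signed binaries whose signer is not on an explicit publisher allowlist.
# Assumptions: Windows PowerShell 5.1 or PowerShell 7 on Windows; $SweepPath and
# $TrustedThumbprints are placeholders to be replaced with your own values.

param(
    [string]   $SweepPath = 'C:\ProgramData',
    [string[]] $TrustedThumbprints = @(
        # Placeholder SHA-1 thumbprint of a code-signing cert you expect to see.
        # Hypothetical value; replace with your own publishers' thumbprints.
        '0000000000000000000000000000000000000000'
    )
)

function Test-SignerChain {
    # Rebuild the signer's chain with online revocation checking for every certificate
    # in it. Get-AuthenticodeSignature alone does not say *why* a signature is or is
    # not trusted, so surface the chain status explicitly.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)

    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    # Require the Code Signing EKU (1.3.6.1.5.5.7.3.3) when building the chain.
    $chain.ChainPolicy.ApplicationPolicy.Add(
        [System.Security.Cryptography.Oid]::new('1.3.6.1.5.5.7.3.3')) | Out-Null

    $built  = $chain.Build($Cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    [PSCustomObject]@{ ChainOk = $built; ChainStatus = $status }
}

$findings = Get-ChildItem -Path $SweepPath -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $sig.SignerCertificate

        if ($null -eq $signer) {
            # Unsigned files are a separate question; record them without a chain check.
            [PSCustomObject]@{
                Path = $_.FullName; Status = $sig.Status; Signer = $null; Thumbprint = $null
                Timestamped = $false; ChainOk = $false; ChainStatus = ''; Allowlisted = $false
                Verdict = 'unsigned'
            }
            return   # inside ForEach-Object this moves on to the next file
        }

        $chainResult = Test-SignerChain -Cert $signer
        $allowlisted = $TrustedThumbprints -contains $signer.Thumbprint

        # Order matters: a broken signature is worse than a chain problem, which is
        # worse than a clean signature from a publisher you never expected.
        $verdict = if ($sig.Status -ne 'Valid')          { 'invalid-signature' }
                   elseif (-not $chainResult.ChainOk)    { 'valid-but-chain-problem' }   # e.g. revoked
                   elseif (-not $allowlisted)            { 'valid-but-unexpected-publisher' }
                   else                                  { 'trusted' }

        [PSCustomObject]@{
            Path        = $_.FullName
            Status      = $sig.Status
            Signer      = $signer.Subject
            Thumbprint  = $signer.Thumbprint
            Timestamped = ($null -ne $sig.TimeStamperCertificate)
            ChainOk     = $chainResult.ChainOk
            ChainStatus = $chainResult.ChainStatus
            Allowlisted = $allowlisted
            Verdict     = $verdict
        }
    }

# Everything that is not 'trusted' is the triage list; 'valid-but-unexpected-publisher'
# is where a binary signed with a stolen certificate would land.
$findings | Where-Object Verdict -ne 'trusted' | Sort-Object Verdict | Format-Table -AutoSize
```

A stolen certificate is revoked only once the theft is noticed, and a timestamped (countersigned) signature made before the revocation date may continue to verify afterwards, so the allowlist comparison, not the Valid status or the revocation check, is the control that catches this case. Keep the allowlist short and reviewed; a long one quietly turns back into "trust anything signed".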

If you are interested in learning about Hacker’s Door, Cylance has published a deep-dive teardown of the latest samples here.

Hacker’s Door also illustrates how old malware can return to infect current systems. Many endpoint security products still rely on signatures. As signature repositories grow, vendors begin retiring “older” signatures in favor of new ones to keep updates small, which creates a window in which older malware can come back and infect your computers.

Not only can older malware reappear in your network, but your end users are also burdened with endpoint security (Read more...)

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog