Welcome to the Q3 2023 edition of the HP Wolf Security Threat Insights Report. In the report, we review notable malware campaigns, trends and techniques identified from HP Wolf Security’s customer telemetry in calendar Q3 2023.

Key Findings

• Threat actors continued to thrive off living-off-the-land tactics in Q3, abusing tools built into Windows to conduct their attacks. The HP Threat Research team identified a new malware campaign that relied entirely on living-off-the-land tools. The attackers impersonated a shipping company to spread Vjw0rm and Houdini script malware.
• HP Wolf Security identified a surge in the abuse of Excel add-in (XLL) files in Q3. Macro-enabled Excel add-in malware rose to the 7th most popular file extension used by attackers, up from 46th place in Q2. HP Wolf Security detected attackers trying to infect devices with Parallax RAT through malicious Excel add-ins masquerading as scanned invoices.
• In Q3, HP Wolf Security detected a malware campaign targeting hotels in Latin America with macro-enabled PowerPoint add-ins. The presentations, sent via email, were disguised as information from a hospitality management software vendor.
• HP uncovered attackers hosting fake remote access trojans (RATs) on GitHub, attempting to trick inexperienced cybercriminals into infecting their own PCs. The code repositories claim to contain full versions of a popular malware kit called XWorm that sells for up to $500 USD, but instead downloads and runs malware on the aspiring hacker’s machine.

Read the Report

Download the report: HP Wolf Security Threat Insights Report Q3 2023

Download (PDF)

You can download and read our previous Threat Insights Reports here.