Also known as: Hangman
Category: Malware
Type: Backdoor trojan
Platforms: Windows
Variants:
Damage potential: Data theft, espionage, operational disruption, reputational damage, future payloads
Overview
Hoplight, or Hangman, is a backdoor trojan that gathers data from an infected device and waits for further instructions or additional payloads from its command and control server. First reported in 2019, Hoplight has been used in cyber espionage campaigns targeting government agencies and international companies.
Possible symptoms
Hoplight usually operates subtly, but these signs might give it away:
- Unusually high network traffic.
- Unexpected system files or processes.
- Slower system performance.
- Changes in system settings.
- Frequent system errors and crashes.
- Unauthorized access to accounts.
Sources of the infection
The most typical sources of infection for this trojan are phishing emails, infected websites, removable media (e.g., USB drives), software vulnerabilities, and supply-chain attacks.
Protection
Here are some protective measures you can take against Hoplight:
- Do not click on suspicious links or attachments in emails, especially from unknown senders.
- Block malware-hosting websites and scan downloads for viruses with NordVPN’s Threat Protection Pro feature.
- Make sure your operating system and other software are updated.
- Install reliable antivirus software.
- Regularly back up important data.
Removal
If you think you might have Hoplight on your device, you need to act promptly:
- Disconnect your device from the internet to prevent Hoplight from communicating with its command and control server.
- Boot into safe mode.
- Run a full system scan using a reputable antivirus solution.
- Follow the instructions provided by your antivirus software.
- Change your passwords and keep an eye on your accounts for suspicious activity.
Consult an IT professional if the infection is particularly severe.