Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content



Also known as: Hangman

Category: Malware

Type: Backdoor trojan

Platforms: Windows


Damage potential: Data theft, espionage, operational disruption, reputational damage, future payloads


Hoplight, or Hangman, is a backdoor trojan that gathers data from an infected device and waits for further instructions or additional payloads from its command and control server. First reported in 2019, Hoplight has been used in cyber espionage campaigns targeting government agencies and international companies.

Possible symptoms

Hoplight usually operates subtly, but these signs might give it away:

  • Unusually high network traffic.
  • Unexpected system files or processes.
  • Slower system performance.
  • Changes in system settings.
  • Frequent system errors and crashes.
  • Unauthorized access to accounts.

Sources of the infection

Phishing emails, infected websites or removable media (e.g., USB drives), software vulnerabilities, and supply-chain attacks are the most typical sources of infection for this trojan.


Here are some protective measures you can take against Hoplight:

  • Do not click on suspicious links or attachments in emails, especially from unknown senders.
  • Block malware-hosting websites and scan downloads for viruses with NordVPN’s Threat Protection feature.
  • Make sure your operating system and other software are updated.
  • Install reliable antivirus software.
  • Regularly back up important data.


If you think you might have Hoplight on your device, you need to act promptly:

  • Disconnect your device from the internet to prevent Hoplight from communicating with its command and control server.

  • Boot into safe mode.

  • Run a full system scan using a reputable antivirus solution.

  • Follow the instructions provided by your antivirus software.

  • Change your passwords and keep an eye on your accounts for suspicious activity.

Consult an IT professional if the infection is particularly severe.

Ultimate digital security