Anonymous Proxies being leverages to spread Hancitor

We previously have noted Hancitor utilizing TOR nodes to spread malspam. Today we started noticing a shift in that the malware is now using anonymous proxy servers to expand their operations. Jigsaw FirstWatch sensors began picking up the activity early this morning and have triggered millions of individual attempts to spread the malicious ZLoader payload using proxies which is a shift in activity for the campaign.

Screenshot of a typical Hancitor Malspam message

If content is clicked the end is infected with malicious macros.


Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2020 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business