ERT Threat Alert – New Trojan Found: Admin.HLP Attacks Organization Data

Radware’s ERT releases a threat alert regarding a new Trojan malware that sends sensitive user information out of the organization.

Radware’s Emergency Response Team (ERT) research Lab released a threat alert regarding a newly discovered Trojan Key Logger named Admin.HLP that was detected today for the first time within one of its customer’s servers.

Admin.HLP, is malicious software that monitors keystrokes on the victim’s computer, collects user passwords, credit card numbers and other sensitive information. Then it sends all the stolen data out of the organization to the attackers’ remote servers over secured HTTPS connection.

The Admin.HLP Trojan is hidden within a standard Windows help file named Amministrazione.hlp and attaches itself to emails. This standard help file does not trigger a response from anti-virus software that may be installed, and therefore it slips under the radar of standard security protection.  Once the Windows help file is opened, Admin.HLP installs itself on the victim’s computer, and it starts to collect keystrokes, which over time is sent to the attackers’ remote server.

In order to remain a persistent threat, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.

Radware’s ERT has prepared a technical document with further details on malware. Click here to get a copy.

Radware ERT Advice:
Radware’s ERT team has created a signature to block all communication between infected organizations and the attackers’ remote servers. This prevents data leakage from the organization at all cost, no matter how many computers are infected in the organization or how difficult is it to remove the Trojan from the end users computers.

Radware’s customers are encouraged to contact the ERT to receive immediate assistance and instructions on how to remove it. Other prospects and non-Radware customers can contact the ERT through a Radware representative.

Ziv Gadot

Ziv Gadot is Senior Security Researcher for Radware and manages Radware’s Security Operations Center (SOC) , a unit performing analysis and research on DDoS related subjects and the Emergency Response Team (ERT), a 24/7 service intended to assist organizations under DDoS attacks on a daily basis. Mr. Gadot joined Radware in 2003 and is actively involved in security research and service strategy.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center