HOPLIGHT

Malware updated 4 months ago (2024-05-04T18:23:11.075Z)
HOPLIGHT is a type of malware used by the BeagleBoyz criminal group to gain remote access to financial institution networks and steal sensitive information. It is one of several tools used by the group, and is particularly useful to them because of its built-in exfiltration features. The BeagleBoyz likely change their tools over time to maintain access to financial institution networks and interact with those systems. The US Government has recently found HOPLIGHT on victim systems, indicating that the BeagleBoyz are still using it for similar purposes.

What sets HOPLIGHT apart from other malware is its ability to create fraudulent Transport Layer Security (TLS) sessions. This makes the malware's communications difficult to detect and track, further enabling the BeagleBoyz to carry out their illegal activities. HOPLIGHT shares basic Remote Access Trojan (RAT) functionality with the CROWDEDFLOUNDER implant, another tool used by the BeagleBoyz.

Several Malware Analysis Reports provide associated Indicators of Compromise (IOCs) for HOPLIGHT and related malware, including CROWDEDFLOUNDER and ECCENTRICBANDWAGON. These reports can help organizations identify whether their systems have been compromised by any of these malicious programs.
Description last updated: 2023-06-23T14:39:17.956Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the HOPLIGHT Malware was read from the documents corpus below.
Source Link | Created At | Title
MITRE | 2 years ago | FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks | CISA