
"A cyber attacker installed the Huntress endpoint security solution to protect himself. What he didn't realize was that this allowed Huntress to monitor his activities. Despite some controversy, the security company claims that valuable information was obtained. When a host signaled malware to Huntress, it turned out to be an old acquaintance: the same "machine name," or unique device identifier, had appeared in several previous incidents."
"Dissatisfied colleagues. Huntress' explanation is in-depth. As the security company states, it is fascinating to see exactly how an attacker works. It was already clear that cybercriminals use AI, but this example shows that the way they do so is diverse and innovative. Also striking but entirely logical: cyber attackers want to be equipped with security software just as much as their victims."
"However, Huntress's example caused controversy. It was not initially clear that Huntress had uninstalled its own agent (installed via a trial membership) and therefore had not provided the cybercriminal with security. Fellow security specialists are also concerned about the extent to which anyone, malicious or not, can be monitored in detail by security services."
Huntress detected a host that signaled malware and traced the same machine name that had appeared in prior incidents. The attacker had personally installed the Huntress endpoint agent, enabling Huntress to monitor activity until the agent was removed after 84 minutes. Browser history and system artifacts showed research into potential targets, cryptocurrency, and use of AI tooling and automation to spread malware. The host's activity was mapped from May to July 2025. The incident produced valuable intelligence and provoked debate over voluntary installation, privacy, and appropriate monitoring of malicious users.
Read at Techzine Global