Can Tricky TxHollower Malware Evade Your AV?

TxHollower is a loader-type malware that has been found to deliver a variety of payloads including AZORult, FormBook, GandCrab ransomware, LokiBot, NetWire, njRat, Pony, Remcos backdoor and SmokeLoader. Infections attributable to TXHollower have been occurring since early 2018 and have been rising rapidly thanks in part due to TXHollower’s ability to avoid some vendors’ security solutions. In this post, we take a look at TXHollower and give it a spin on one of our endpoints.