The malware dropper TicTacToe is targeting Windows users

Learn all about this dropper malware and protect your PC


TicTacToe is a new malware dropper that targets Windows users. It delivers its final payloads through malicious attachments, such as those sent by email. TicTacToe carries different malware to steal your data, and it is difficult to detect because it changes the final payloads.

What does a dropper malware do?

A dropper installs malicious files on your computer. These files can be used to steal your information and to damage your system. This type of malware can also hide itself from antivirus programs. You might find the TicTacToe malware dropper in phishing emails as an .iso file. Once executed, it starts loading DLL files into memory.

The malware seems to be in development because it has multiple strings. Researchers think that groups of threat actors use the malware and alter it according to their needs. They also believe that cybercriminals actively trade the tool as a service. Cybercriminals are using the TicTacToe malware dropper to deliver the following final payloads: Leonem, AgentTesla, SnakeLogger, RemLoader, Sabsik, LokiBot, Taskun, Androm, Upatre and Remcos.

The name TicTacToe comes from Kolko_i_krzyzyk, a common Polish language string encountered by researchers during earlier stages.

To protect yourself and your organization from the TicTacToe malware dropper, you will need to run hash-based detections. You will also need a behavior-based endpoint security application, especially since the malware keeps changing. In addition, you could consider getting FortiEDR. The tool comes from the researchers who managed to identify earlier versions of the TicTacToe dropper.

Ultimately, we recommend that you don’t download any suspicious files from unknown users. Keep in mind that the TicTacToe malware dropper commonly hides in emails, so make sure to check the source or to check online whether the file could contain malware.
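As an added example (not from the researchers or from any product named here), the Python sketch below triages a raw email for the two traits this article mentions: an .iso attachment and the Kolko_i_krzyzyk string. The function names, the sample message and the ISO 9660 signature check are assumptions for illustration; because the dropper keeps changing, a missing marker does not clear a file.

```python
import email
from email import policy
from email.message import EmailMessage

MARKER = "Kolko_i_krzyzyk"   # string the article reports from earlier stages
ISO_MAGIC = b"CD001"         # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001    # sector 16 (16 * 2048 bytes) + 1


def looks_like_iso(name, data):
    """True when the file name or the content identifies an ISO image."""
    by_name = name.lower().endswith(".iso")
    by_magic = data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == ISO_MAGIC
    return by_name or by_magic


def has_marker(data):
    """Look for the marker as ASCII and as UTF-16LE (common on Windows)."""
    return MARKER.encode("ascii") in data or MARKER.encode("utf-16-le") in data


def triage(raw_message):
    """Return one finding per attachment that is an ISO or holds the marker."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        iso, marker = looks_like_iso(name, data), has_marker(data)
        if iso or marker:
            findings.append({"name": name, "iso": iso, "marker": marker})
    return findings


def build_sample():
    """Constructed message: a fake ISO image plus a harmless text file."""
    image = bytearray(0x8800)
    image[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] = ISO_MAGIC
    image += MARKER.encode("utf-16-le")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Invoice", "a@example.com", "b@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(bytes(image), maintype="application",
                       subtype="octet-stream", filename="invoice.iso")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```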
