A cyber attacker installed the Huntress endpoint security solution to protect himself. What he didn’t realize was that this allowed Huntress to monitor his activities. Despite some controversy, the security company claims that valuable information was obtained.
When a host reported signs of malware to Huntress, it turned out to be an old acquaintance: the same “machine name,” or unique device identifier, had appeared in several previous incidents. When Huntress analysts looked at the host in more detail, they found evidence in the browser history of research into potential targets.
Huntress removed its own agent after 84 minutes, but with all the information obtained, it was clear that the malicious user had taught himself AI tooling for spreading malware, was researching cryptocurrency, and was using automation solutions. The host’s profile could be mapped from May to July 2025.
Dissatisfied colleagues
Huntress’ explanation is in-depth. As the security company states, it is fascinating to see exactly how an attacker works. It was already clear that cybercriminals use AI, but this example shows that the way they do so is diverse and innovative. Also striking but entirely logical: cyber attackers want to be equipped with security software just as much as their victims.
However, Huntress’s example caused controversy. It was not initially clear that Huntress had uninstalled its own agent (installed via a trial membership) and therefore had not provided the cybercriminal with security. Fellow security specialists are also concerned about the extent to which anyone, malicious or not, can be monitored in detail by security services.
Others argue that the alleged invasion of the attacker’s privacy is justified, primarily because the software was installed voluntarily and because the attacker was proven to be malicious. Huntress’s surveillance only took place because there were signs of malware, a legitimate reason to take a look at a customer’s system.
In any case, the Huntress blog presents a striking story that, whether justified or not, offers insight into the thinking and behavior of a cyber attacker.