Animations used to trick users into infecting their PCs


The latest Threat Insights Report from HP Threat Research reveals how attackers are refining campaigns with professional-looking animations and purchasable malware services.

The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.

Campaigns highlighted by the report include attackers impersonating the Colombian Prosecutor’s Office and emailing fake legal warnings to targets. The lure directs users to a fake government website, which displays a slick auto-scroll animation guiding targets to a ‘one-time password’, tricking them into opening the malicious password-protected archive file. Once opened, the archive launches a folder that includes a hidden, maliciously modified dynamic link library (DLL). This in turn installs PureRAT malware in the background, giving attackers full control of a victim’s device.

Another notable attack uses a fake Adobe-branded PDF to redirect users to a fraudulent site that pretends to update their PDF reader software. A staged animation here shows a spoofed installation bar that mimics Adobe.

Threat actors have also hosted their payload on Discord, which lets them avoid building their own infrastructure and piggyback off Discord’s positive domain reputation.

Patrick Schläpfer, principal threat researcher at HP Security Lab, says, “Attackers are using polished animations like fake loading bars and password prompts to make malicious sites feel credible and urgent. At the same time, they are relying on off-the-shelf, subscription malware that is fully featured, and updates as fast as legitimate software. This is helping threat actors keep ahead of detection-based security solutions and slip past defences with far less effort.”

Alongside the report, the HP Threat Research Team has published a blog analyzing the threat of session cookie hijacking attacks, the use of stolen credentials in intrusions and the proliferation of infostealer malware. Rather than stealing passwords or bypassing multi-factor authentication (MFA), attackers are hijacking the cookies that prove a user is already logged in, giving them instant access to sensitive systems. HP analysis of publicly reported attack data found that 57 percent of the top malware families in Q3 2025 were information stealers, a type of malware that typically has cookie theft capabilities.

Dr. Ian Pratt, global head of security for personal systems at HP, adds, “With attackers abusing legitimate platforms, mimicking trusted brands and adopting convincing visual tricks, like animations, even strong detection tools will miss some threats. Security teams can’t predict every attack. But by isolating high-risk interactions, such as opening untrusted files and websites, organisations gain a safety net that contains threats before they can cause harm, without adding friction for users.”

You can find out more on the HP Threat Research blog.

Image credit: denisismagilov/depositphotos.com


© 1998-2025 BetaNews, Inc. All Rights Reserved.