A new variant of a remote access trojan known as Bandook has been observed being propagated via phishing attacks with the aim of infiltrating Windows machines, underscoring the continuous evolution of the malware.
Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.
“After the victim extracts the malware with the password in the PDF file, the malware injects its payload into msinfo32.exe,” security researcher Pei Han Liao said.
Bandook, first detected in 2007, is an off-the-shelf malware that comes with a wide range of features to remotely gain control of infected systems.
In July 2021, Slovak cybersecurity firm ESET detailed a cyber espionage campaign that leveraged an upgraded variant of Bandook to breach corporate networks in Spanish-speaking countries such as Venezuela.
The starting point of the latest attack sequence is an injector component that is designed to decrypt and load the payload into msinfo32.exe, a legitimate Windows binary that gathers system information to diagnose computer issues.
The malware, besides making Windows Registry changes to establish persistence on the compromised host, establishes contact with a command-and-control (C2) server to retrieve additional payloads and instructions.
“These actions can be roughly categorized as file manipulation, registry manipulation, download, information stealing, file execution, invocation of functions in DLLs from the C2, controlling the victim’s computer, process killing, and uninstalling the malware,” Han Liao said.
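The behaviours the article describes (a payload running inside msinfo32.exe, Registry changes for persistence, and C2 traffic) each leave telemetry a defender can triage. The following detector is an added example written for this page, not code from Fortinet or from the malware analysis; it runs over constructed Sysmon-style events, and the allow-list of expected parent processes and the user-writable path hints are assumptions chosen for illustration rather than values taken from the report.

```python
from dataclasses import dataclass
from typing import List

# Parents from which an interactive msinfo32.exe launch is expected.
# This allow-list is an assumption made for the example, not from the article.
BENIGN_PARENTS = {"explorer.exe", "mmc.exe", "cmd.exe", "powershell.exe"}

# Path fragments typical of user-writable locations; a heuristic for this example.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")


@dataclass
class Event:
    """Minimal stand-in for a Sysmon-style telemetry record (constructed)."""
    kind: str          # "process", "network" or "registry"
    image: str         # image name of the acting process
    parent: str = ""   # parent image (process events only)
    dest: str = ""     # destination host:port (network events only)
    key: str = ""      # registry key (registry events only)
    data: str = ""     # registry value data (registry events only)


def analyze(events: List[Event]) -> List[str]:
    """Return one human-readable finding per suspicious event."""
    findings = []
    for e in events:
        image = e.image.lower()
        if e.kind == "process" and image == "msinfo32.exe":
            # msinfo32.exe launched by something other than a known interactive parent
            if e.parent.lower() not in BENIGN_PARENTS:
                findings.append(f"msinfo32.exe spawned by unexpected parent {e.parent}")
        elif e.kind == "network" and image == "msinfo32.exe":
            # msinfo32 is a local diagnostics tool; outbound traffic is a strong hint
            # that an injected payload is talking to a C2 server.
            findings.append(f"msinfo32.exe opened an outbound connection to {e.dest}")
        elif e.kind == "registry" and "\\currentversion\\run" in e.key.lower():
            # Autorun persistence pointing into a user-writable directory
            if any(h in e.data.lower() for h in USER_WRITABLE_HINTS):
                findings.append(f"autorun entry {e.key} points into user-writable path {e.data}")
    return findings


# Constructed sample telemetry, not a real capture; names and addresses are invented.
SAMPLE_EVENTS = [
    Event("process", "msinfo32.exe", parent="explorer.exe"),
    Event("process", "msinfo32.exe", parent="invoice_2023.exe"),
    Event("network", "msinfo32.exe", dest="203.0.113.10:443"),
    Event("registry", "msinfo32.exe",
          key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
          data=r"C:\Users\alice\AppData\Roaming\updater.exe"),
    Event("registry", "setup.exe",
          key=r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
          data=r"C:\Program Files\Vendor\agent.exe"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print("ALERT:", finding)
```

Of the five constructed events, the benign explorer.exe launch and the Program Files autorun entry produce no finding; the other three each raise one alert. In a real deployment the parent allow-list and path heuristics need tuning against the environment's baseline, and the three signals are most useful when correlated on the same host within a short window.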