A new variant of a remote access trojan called Bandook has been observed being propagated via phishing attacks with the aim of infiltrating Windows machines, underscoring the continuous evolution of the malware.
Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.
"After the victim extracts the malware with the password in the PDF file, the malware injects its payload into msinfo32.exe," security researcher Pei Han Liao said.
Bandook, first detected in 2007, is an off-the-shelf malware that comes with a wide range of features to remotely gain control of infected systems.
In July 2021, Slovak cybersecurity firm ESET detailed a cyber espionage campaign that leveraged an upgraded variant of Bandook to breach corporate networks in Spanish-speaking countries such as Venezuela.
The starting point of the latest attack sequence is an injector component that is designed to decrypt and load the payload into msinfo32.exe, a legitimate Windows binary that gathers system information to diagnose computer issues.
The malware, besides making Windows Registry changes to establish persistence on the compromised host, establishes contact with a command-and-control (C2) server to retrieve additional payloads and instructions.
"These actions can be roughly classified as file manipulation, registry manipulation, download, data stealing, file execution, invocation of functions in DLLs from the C2, controlling the victim's computer, process killing, and uninstalling the malware," Han Liao said.
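The chain described above (an injector extracted from an archive, a payload injected into msinfo32.exe, a Registry persistence entry, and C2 traffic) leaves a recognisable trail in endpoint telemetry. The following is an added hunting example, written for this page and not Fortinet's detection logic or any published indicator: it runs three heuristics over a handful of constructed, Sysmon-style events (the field names, paths, hostnames and the 203.0.113.10 address are all placeholders we made up) and correlates hits by process ID. A defender would feed it real process-creation, registry-set and network-connect records instead of the sample list.

```python
"""Hunting heuristics for the msinfo32.exe injection chain (constructed example).

Three behaviours from the article are checked:
  1. msinfo32.exe started by a parent that is not a normal user launcher, or by
     a parent living in a user-writable directory (where an extracted archive
     payload would sit);
  2. a Run/RunOnce autorun value pointing into a user-writable directory;
  3. msinfo32.exe, a local diagnostics tool, opening an outbound connection.
Each hit is tagged with the process ID so that multiple hits on one process can
be correlated into a higher-confidence finding.
"""
import ntpath
from collections import Counter

# Parents from which a user would normally launch msinfo32.exe (our assumption).
EXPECTED_MSINFO_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "mmc.exe"}

# Autorun Registry locations commonly used for persistence.
RUN_KEY_MARKERS = (r"\currentversion\run", r"\currentversion\runonce")

# Path fragments that mark user-writable locations (our assumption, not exhaustive).
USER_WRITABLE_MARKERS = (r"\appdata\local\temp", r"\downloads", r"\users\public")

# Constructed sample telemetry; the schema is ours, loosely modelled on Sysmon.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4001,
     "image": r"C:\Windows\System32\msinfo32.exe",
     "parent_image": r"C:\Windows\explorer.exe"},                       # benign launch
    {"type": "process_create", "pid": 4120,
     "image": r"C:\Windows\System32\msinfo32.exe",
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\7zO1234\injector.exe"},
    {"type": "registry_set", "pid": 4120,
     "image": r"C:\Windows\System32\msinfo32.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\alice\AppData\Local\Temp\7zO1234\injector.exe"},
    {"type": "registry_set", "pid": 5002,
     "image": r"C:\Program Files\Vendor\setup.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "value": r"C:\Program Files\Vendor\tray.exe"},                      # benign autorun
    {"type": "network_connect", "pid": 4120,
     "image": r"C:\Windows\System32\msinfo32.exe",
     "dest": "203.0.113.10", "dest_port": 443},                          # TEST-NET-3 placeholder
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(path).lower()


def _in_user_writable(path: str) -> bool:
    """True if the path sits under one of the user-writable markers."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def analyse(events):
    """Return a list of (pid, reason) findings; an empty list means nothing matched."""
    findings = []
    for ev in events:
        image = _basename(ev["image"])
        if ev["type"] == "process_create" and image == "msinfo32.exe":
            parent = _basename(ev["parent_image"])
            if parent not in EXPECTED_MSINFO_PARENTS or _in_user_writable(ev["parent_image"]):
                findings.append((ev["pid"], f"msinfo32.exe spawned by unexpected parent {parent}"))
        elif ev["type"] == "registry_set":
            key = ev["key"].lower()
            if any(m in key for m in RUN_KEY_MARKERS) and _in_user_writable(ev["value"]):
                findings.append((ev["pid"], f"autorun value points into user-writable path: {ev['value']}"))
        elif ev["type"] == "network_connect" and image == "msinfo32.exe":
            findings.append((ev["pid"], f"msinfo32.exe connected out to {ev['dest']}:{ev['dest_port']}"))
    return findings


def score_pids(findings):
    """Count findings per process ID; several hits on one PID warrant priority triage."""
    return dict(Counter(pid for pid, _ in findings))


if __name__ == "__main__":
    hits = analyse(SAMPLE_EVENTS)
    for pid, reason in hits:
        print(f"pid {pid}: {reason}")
    print("per-process score:", score_pids(hits))
```

Only the process with PID 4120 trips all three heuristics; the explorer.exe-launched msinfo32.exe and the vendor autorun entry pass. In production the parent allow-list and the user-writable markers are the parts to tune to the environment, and a single hit (especially the parent check) is a triage lead rather than a verdict.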
Some pieces of this report are sourced from:
thehackernews.com