A RAT Variant Bandook has Resurfaced and Targets Windows Machines


A new variant of the remote access trojan known as Bandook is being distributed through phishing attacks aimed at compromising Windows machines, highlighting the malware's continued evolution.

According to Fortinet FortiGuard Labs, the activity was detected in October 2023. The malware is disseminated through a PDF file that contains an embedded link to a password-protected .7z archive.


Pei Han Liao, a security researcher, stated, “Once the victim retrieves the malware using the password from the PDF file, the malware infuses its payload into msinfo32.exe.”

Bandook, a ready-made malware that was initially identified in 2007, comprises an extensive array of functionalities designed to enable remote control over infected systems.


ESET, a Slovak cybersecurity firm, disclosed in July 2021 the specifics of a cyber espionage campaign that compromised corporate networks in Spanish-speaking nations, including Venezuela, by utilizing an enhanced variant of Bandook.

The latest attack chain begins with an injector component that decrypts the payload and loads it into msinfo32.exe, a legitimate Windows binary that collects system information for troubleshooting.

The malware modifies the Windows Registry to persist on the compromised system and establishes communication with a command-and-control (C2) server to receive further payloads and instructions.
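As an added illustration of how the two host-side steps above (injection into msinfo32.exe and registry persistence) can be detected, here is example code that is not from the article or from Fortinet. It runs two rules over constructed Sysmon-style events: a remote thread created in msinfo32.exe by an untrusted source, and msinfo32.exe writing an autostart value. The allowlist and the Run-key location are assumptions, since the article does not name the exact registry key Bandook modifies.

```python
import re

# Constructed Sysmon-style events, not real telemetry. Field names mirror
# Sysmon Event ID 8 (CreateRemoteThread) and Event ID 13 (registry value set).
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetImage": r"C:\Windows\System32\msinfo32.exe"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\msinfo32.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msinfo32.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\SysInfoUpdate",
     "Details": r"C:\Users\victim\AppData\Roaming\sysinfo.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Placeholder allowlist (an assumption): system components that create remote
# threads during normal operation. Tune it to your environment.
TRUSTED_THREAD_CREATORS = {"csrss.exe", "werfault.exe"}

# Autostart keys the persistence check covers (assumed; the article does not
# name the exact registry location Bandook modifies).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a detection tag for one event, or None if nothing matched."""
    eid = event.get("EventID")
    if eid == 8 and basename(event["TargetImage"]) == "msinfo32.exe":
        # A remote thread into msinfo32.exe from anything outside the short
        # allowlist matches the injection step described in the article.
        if basename(event["SourceImage"]) not in TRUSTED_THREAD_CREATORS:
            return "remote_thread_into_msinfo32"
    if eid == 13 and basename(event["Image"]) == "msinfo32.exe":
        # A system-information tool has no reason to write autostart entries.
        if RUN_KEY.search(event["TargetObject"]):
            return "msinfo32_sets_run_key"
    return None


def scan(events):
    """Return (index, tag) for every event that trips a rule."""
    return [(i, tag) for i, ev in enumerate(events) if (tag := classify(ev))]
```

Running `scan(SAMPLE_EVENTS)` flags the injection from the downloaded executable and the Run-key write, while the csrss.exe thread and the explorer.exe registry change pass.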

“These activities can be generally classified as file manipulation, registry manipulation, download, information theft, file execution, initiation of functions in DLLs from the C2, controlling the victim’s computer, process killing, and uninstalling the malware,” according to Han Liao.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes frequently for Craw Security.
