A brand new variant of a remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware.
Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.
“After the victim extracts the malware with the password in the PDF file, the malware injects its payload into msinfo32.exe,” security researcher Pei Han Liao said.
Bandook, first detected in 2007, is an off-the-shelf malware that comes with a wide range of features to remotely gain control of the infected systems.
In July 2021, Slovak cybersecurity firm ESET detailed a cyber espionage campaign that leveraged an upgraded variant of Bandook to breach corporate networks in Spanish-speaking countries such as Venezuela.
The starting point of the latest attack sequence is an injector component that is designed to decrypt and load the payload into msinfo32.exe, a legitimate Windows binary that gathers system information to diagnose computer issues.
The malware, besides making Windows Registry changes to establish persistence on the compromised host, establishes contact with a command-and-control (C2) server to retrieve additional payloads and instructions.
“These actions can be roughly categorized as file manipulation, registry manipulation, download, information stealing, file execution, invocation of functions in DLLs from the C2, controlling the victim’s computer, process killing, and uninstalling the malware,” Han Liao said.
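The behaviour described above (a payload injected into the legitimate msinfo32.exe, Registry changes for persistence, and outbound C2 contact) gives a defender three things that msinfo32.exe does not normally do: run under an odd parent, open network sockets, and write autorun keys. The following detection logic is an added example, not code from Fortinet or from this article; it runs over constructed Sysmon-style event dictionaries (field names such as Image, ParentImage, TargetObject follow Sysmon conventions), and the expected-parent list, the user-writable path hints, the parent name invoice.exe and the IP 203.0.113.10 are all assumptions or constructed sample values, not indicators from the campaign.

```python
"""Flag msinfo32.exe instances whose behaviour suggests an injected payload.

Added example with constructed Sysmon-like events; it is not the article's or
Fortinet's code. Event IDs used: 1 = process create, 3 = network connect,
13 = registry value set (Sysmon numbering).
"""
from collections import defaultdict

# Autorun locations commonly used for persistence (general Windows knowledge).
RUN_KEYS = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
# Parents from which an interactive msinfo32.exe launch is expected (assumption,
# tune to your environment).
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "mmc.exe"}
# Path fragments that indicate a parent running from a user-writable location,
# e.g. an archive the user just extracted (assumption).
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\downloads\\", "\\appdata\\")


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyse(events):
    """Return {ProcessGuid: [reasons]} for msinfo32.exe instances that look injected.

    A benign, interactively launched msinfo32.exe produces no entry at all.
    """
    findings = defaultdict(list)
    for ev in events:
        if basename(ev.get("Image", "")) != "msinfo32.exe":
            continue
        guid, eid = ev["ProcessGuid"], ev["EventID"]
        if eid == 1:  # process creation: check who started it and from where
            parent_path = ev.get("ParentImage", "")
            parent = basename(parent_path)
            if parent not in EXPECTED_PARENTS:
                findings[guid].append(f"unexpected parent {parent}")
            if any(h in parent_path.lower() for h in USER_WRITABLE_HINTS):
                findings[guid].append("parent runs from a user-writable directory")
        elif eid == 3:  # msinfo32.exe has no reason to talk to the network
            dest = f"{ev.get('DestinationIp')}:{ev.get('DestinationPort')}"
            findings[guid].append(f"network connection to {dest}")
        elif eid == 13:  # registry write: only autorun keys are interesting here
            target = ev.get("TargetObject", "")
            if any(k.lower() in target.lower() for k in RUN_KEYS):
                findings[guid].append(f"autorun key written: {target}")
    return dict(findings)


# Constructed sample telemetry: one benign launch, one that matches the
# injected-payload pattern. Names, GUIDs and the IP are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "benign-guid",
     "Image": r"C:\Windows\System32\msinfo32.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "suspect-guid",
     "Image": r"C:\Windows\System32\msinfo32.exe",
     "ParentImage": r"C:\Users\victim\Downloads\invoice.exe"},  # hypothetical injector
    {"EventID": 3, "ProcessGuid": "suspect-guid",
     "Image": r"C:\Windows\System32\msinfo32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},  # documentation range
    {"EventID": 13, "ProcessGuid": "suspect-guid",
     "Image": r"C:\Windows\System32\msinfo32.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
]


if __name__ == "__main__":
    for guid, reasons in analyse(SAMPLE_EVENTS).items():
        print(guid)
        for r in reasons:
            print("  -", r)
```

Each reason on its own is a weak signal (an administrator may well run msinfo32.exe from an unusual shell), so the function accumulates reasons per process rather than alerting on the first hit; a network connection or an autorun write from msinfo32.exe is the strong signal, and the parent-process checks mainly help triage how the process got there.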