ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims

In 2021 we detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, we found new functionality and changes to this malware, known as Bandook. We also found that this campaign targeting Venezuela, despite being active since at least 2015, has somehow remained undocumented. Given the malware used and the targeted locale, we chose to name this campaign Bandidos.

Bandook is an old remote access trojan: there are references to it being available online as early as 2005, though its use by organized groups was not documented until 2016. The report published that year by EFF, Operation Manul, describes the use of Bandook to target journalists and dissidents in Europe. Then in 2018, Lookout published its research uncovering other espionage campaigns that had different targets but used the same infrastructure. They gave the name Dark Caracal to the group responsible for the attacks. Finally, Check Point's report in 2020 showed that the attackers started to use signed executables to target many verticals in various countries. Previous reports have mentioned that the developers of Bandook might be developers for hire (also known as "malware as a service"), which makes sense given the various campaigns with different targets seen through the years.