Bandook - A Persistent Threat That Keeps Evolving
Fortinet News, Thursday, December 21, 2023
Bandook malware is a remote access trojan that has been continuously developed since it was first detected in 2007.
It has been used in various campaigns by different threat actors over the years. In October 2023, FortiGuard Labs identified a new Bandook variant being distributed via a PDF file. The PDF contains a shortened URL that downloads a password-protected .7z archive; the password is printed in the PDF itself, which keeps the payload opaque to mail and web scanners that cannot open the archive. Once the victim extracts the archive with that password and runs the contents, the malware injects its payload into the legitimate Windows system-information utility msinfo32.exe. In this article, we briefly introduce Bandook's behavior, provide detailed information about the elements modified in this new variant, and walk through examples of how its C2 communication works.
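The injection step above is the most detectable part of the chain from an endpoint telemetry perspective: msinfo32.exe is a signed Microsoft binary that rarely receives remote threads and is rarely launched by an executable living under a user-writable directory. The following is an added example, not code from the Fortinet article or from Bandook, showing how that behaviour could be flagged in Sysmon-style process telemetry. The event dictionaries are a simplified, constructed stand-in for Sysmon Event ID 1 (ProcessCreate) and Event ID 8 (CreateRemoteThread) records, the sample events and paths are fabricated, and the list of "suspicious" directories is an assumption to be tuned per environment.

```python
"""Flag process injection into msinfo32.exe in Sysmon-style telemetry.

Added example (not from the article): event shape approximates Sysmon
Event ID 1 / Event ID 8 fields; all sample events below are constructed.
"""
from dataclasses import dataclass

TARGET = "msinfo32.exe"

# Assumption: a legitimate injector (AV/EDR hooks) rarely runs from here.
SUSPICIOUS_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)


@dataclass
class Finding:
    rule: str
    pid: int            # process id of the msinfo32.exe instance involved
    source_image: str   # the binary that spawned or injected into it


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_user_writable(path: str) -> bool:
    return path.lower().startswith(SUSPICIOUS_PREFIXES)


def detect(events: list[dict]) -> list[Finding]:
    """Return one Finding per event that matches either rule."""
    findings: list[Finding] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 8:
            # CreateRemoteThread: something wrote a thread into msinfo32.exe.
            if (_basename(ev.get("TargetImage", "")) == TARGET
                    and _in_user_writable(ev.get("SourceImage", ""))):
                findings.append(Finding(
                    "remote_thread_into_msinfo32",
                    ev["TargetProcessId"], ev["SourceImage"]))
        elif eid == 1:
            # ProcessCreate: msinfo32.exe launched by a user-directory binary,
            # the usual prelude to hollowing / injection into the new process.
            if (_basename(ev.get("Image", "")) == TARGET
                    and _in_user_writable(ev.get("ParentImage", ""))):
                findings.append(Finding(
                    "msinfo32_spawned_from_user_dir",
                    ev["ProcessId"], ev["ParentImage"]))
    return findings


# Constructed sample telemetry: one benign launch, one benign remote thread,
# and a malicious launch + injection pair from an extracted user-dir binary.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120,
     "Image": "C:\\Windows\\System32\\msinfo32.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 8, "SourceImage": "C:\\Program Files\\ExampleAV\\av.exe",
     "TargetImage": "C:\\Windows\\System32\\notepad.exe",
     "TargetProcessId": 5012},
    {"EventID": 1, "ProcessId": 6688,
     "Image": "C:\\Windows\\System32\\msinfo32.exe",
     "ParentImage": "C:\\Users\\victim\\Downloads\\extracted\\sample.exe"},
    {"EventID": 8,
     "SourceImage": "C:\\Users\\victim\\Downloads\\extracted\\sample.exe",
     "TargetImage": "C:\\Windows\\System32\\msinfo32.exe",
     "TargetProcessId": 6688},
]


def run_sample() -> list[Finding]:
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.rule}: pid={f.pid} source={f.source_image}")
```

Both rules fire on the same msinfo32.exe instance (pid 6688) and nothing fires on the explorer.exe-launched copy or on the AV remote thread, so correlating the two findings by target pid gives a higher-confidence alert than either rule alone. In production the equivalent logic belongs in the SIEM or EDR query language; the point of the example is which fields to key on.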