Attacks with an updated iteration of the Bandook remote access trojan have been launched against Windows machines, reports The Hacker News.
Threat actors have distributed malicious PDF documents linking to a .7z archive; opening it runs an injector component that decrypts Bandook RAT and loads it into the Windows binary "msinfo32.exe", after which the malware modifies the Windows Registry for persistence, according to a report from Fortinet FortiGuard Labs. The malware then fetches further payloads and instructions from its command-and-control server.
"These actions can be roughly categorized as file manipulation, registry manipulation, download, information stealing, file execution, invocation of functions in DLLs from the C2, controlling the victim's computer, process killing, and uninstalling the malware," said researcher Pei Han Liao.
These findings follow ESET's 2021 report that another updated variant of Bandook RAT, which first emerged in 2007, had been leveraged in a cyberespionage campaign against Venezuela and other Spanish-speaking nations.
Malicious updates have recently been issued to the Python Package Index package "django-log-tracker," which had otherwise last been modified in April 2022, in order to distribute the Nova Sentinel information-stealing malware, The Hacker News reports.