A new variant of a remote access trojan (RAT) called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware.
Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.
"After the victim extracts the malware with the password in the PDF file, the malware injects its payload into msinfo32.exe," security researcher Pei Han Liao said.
Bandook, first detected in 2007, is an off-the-shelf malware that comes with a wide range of features to remotely gain control of infected systems.
In July 2021, Slovak cybersecurity firm ESET detailed a cyber espionage campaign that leveraged an upgraded variant of Bandook to breach corporate networks in Spanish-speaking countries such as Venezuela.
The starting point of the latest attack sequence is an injector component that is designed to decrypt and load the payload into msinfo32.exe, a legitimate Windows binary that gathers system information to diagnose computer issues.
The malware, apart from making Windows Registry changes to establish persistence on the compromised host, establishes contact with a command-and-control (C2) server to retrieve additional payloads and instructions.
"These actions can be roughly categorized as file manipulation, registry manipulation, download, information stealing, file execution, invocation of functions in DLLs from the C2, controlling the victim's computer, process killing, and uninstalling the malware," Han Liao said.