News broke earlier this week that hacking group Carbanak has added a new JavaScript backdoor called Bateleur to its toolkit used to target restaurant chains across the US. Marta Janus, Senior Threat Researcher at Cylance commented below.
Marta Janus, Senior Threat Researcher at Cylance:
“Carbanak is one of the most sophisticated financial cybercrime groups of recent times. While carefully choosing potentially lucrative victims, they combine complex techniques used in targeted attacks with the effectiveness of wide-spread malware. They maintain high profitability by constantly improving and updating their toolkit to evade security solutions.
“The most recent addition to the Carbanak crimeware set, a JavaScript backdoor dubbed Bateleur, might not be technically advanced, but its small size and robustness make it a handy tool that can “fly under the radar”, and might initially go unnoticed by signature-based anti-malware solutions. Although the backdoor provides limited functionality itself, it can be used to upload and execute additional modules and run shell commands on the victim’s machine.
“This approach seems to mirror a recent trend in malicious software development, where the first stage backdoor responsible for the C&C communication is as small and lightweight as possible, while most of the data stealing functionalities are implemented as separate second-stage modules. This allows the attackers to maintain only a tiny piece of code running on the machine, serving as loader of additional in-memory payloads, which might be pushed and removed by the attackers at will.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.