News broke earlier this week that the hacking group Carbanak has added a new JavaScript backdoor, called Bateleur, to the toolkit it uses to target restaurant chains across the US. Marta Janus, Senior Threat Researcher at Cylance, commented below.
Marta Janus, Senior Threat Researcher at Cylance:
“The most recent addition to the Carbanak crimeware set, a JavaScript backdoor dubbed Bateleur, might not be technically advanced, but its small size and robustness make it a handy tool that can ‘fly under the radar’, and might initially go unnoticed by signature-based anti-malware solutions. Although the backdoor provides limited functionality itself, it can be used to upload and execute additional modules and run shell commands on the victim’s machine.
“This approach seems to mirror a recent trend in malicious software development, where the first-stage backdoor responsible for the C&C communication is as small and lightweight as possible, while most of the data-stealing functionality is implemented as separate second-stage modules. This allows the attackers to maintain only a tiny piece of code running on the machine, serving as a loader of additional in-memory payloads, which might be pushed and removed by the attackers at will.”