
Babar

Posted: June 9, 2020

Babar is a piece of malware believed to have been developed and used by individuals working in close cooperation with the French Intelligence bureau. The malware was first spotted in 2014, but it took cybersecurity experts over a year to collect enough samples and data to describe the Babar implant thoroughly and reveal the full span of its features. It is believed that the Babar implant was often used in combination with Trojan.EvilBunny, another threatening tool that may have been developed by a government-backed threat actor.

Babar is meant to serve as a Remote Access Trojan (RAT) focused on espionage – it is able to operate silently on the infected host and often stays active for months at a time. It does so by applying various techniques to evade anti-virus and firewall services, and by making sure that its components keep running after the computer is restarted.

The Babar Malware also Eavesdrops on Victim's Online Conversations

Some of Babar's features are typical of Remote Access Trojans – it has the ability to inject its code into already running processes, execute remote commands, and collect files that reside in a certain directory or use a specific name or extension. However, Babar also packs extra modules such as a keylogger and a clipboard collector – the latter may allow the attacker to obtain data by spying on the contents of the victim's clipboard.

Since Babar specializes in espionage, it makes sense that another one of its features allows it to take screenshots of the desktop or of the currently active window. It is also able to record audio from the victim's device – the peculiar thing is that Babar contains a list of 'instant messaging applications' to look out for. This might mean that its operators plan to run the audio recording module when they suspect that the victim is talking to someone via one of those applications.

Babar is a highly sophisticated malware implant that is clearly used only against particular, high-value targets. The scarcity of Babar samples in the wild is certain proof of this, and it is very likely that the malware is still under development.
