BADNEWS Description

BADNEWS is a backdoor Trojan that was used in several attack campaigns carried out by the Patchwork group, an Advanced Persistent Threat actor that frequently targets Indian users. The BADNEWS Trojan has been around for over two years, but it received an update recently that strengthens its ability to evade sandbox environments and anti-virus engines and lets it carry out additional tasks on the compromised computer. The Patchwork group is also known as Dropping Elephant or Monsoon.

The Patchwork Group Continues to Improve the BADNEWS Backdoor

The latest campaign involving the BADNEWS backdoor Trojan is carried out with the help of spear-phishing emails whose subjects and contents are tailored to attract the interest of the recipients – the decoy documents may claim to contain information about the Pakistan Ministry of Interior or the Pakistan Atomic Energy Commission. The documents have a macro script embedded in them that attempts to exploit the Microsoft Office vulnerabilities CVE-2015-2545 and CVE-2017-0261.

BADNEWS is meant to serve as a reconnaissance and data exfiltration tool that also provides attackers with the ability to execute commands on the remote host and upload additional payloads. On command, BADNEWS can scan all hard disk partitions and look for files that use the extensions .xls, .xlsx, .doc, .docx, .ppt, .pptx and .pdf. The files are then uploaded to a Command & Control server via an HTTP request. The operators of the BADNEWS backdoor can execute a wide range of commands on the compromised host, enable a keylogger, and take screenshots of the desktop.
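The document-collection and HTTP-upload behaviour described above leaves a trace in egress logs: one client pushing many Office and PDF files to one host in a short time. The following Python sketch, added here as a defender's example and not code from the page or from the malware, looks for that burst in proxy logs; the log layout, field order, thresholds and every log line are constructed assumptions.

```python
"""Flag bursts of document uploads over HTTP, the BADNEWS exfiltration pattern described
above. Added example, not the page's code; log layout, thresholds and log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime
# Document types the description says BADNEWS collects, matched as a filename suffix.
DOC_RE = re.compile(r"\.(?:xlsx?|docx?|pptx?|pdf)(?![A-Za-z0-9])", re.I)
# Assumed proxy log layout: "<iso-timestamp> <client> <method> <host> <path> <bytes_out>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")
# Constructed log: 10.0.0.5 pushes five documents to one host in two minutes; 10.0.0.7 should not alert.
SAMPLE_LOG = """\
2019-10-25T09:00:01 10.0.0.5 GET portal.example.test /index.html 512
2019-10-25T09:00:05 10.0.0.5 POST up.c2-placeholder.test /u.php?n=budget.xlsx 81920
2019-10-25T09:00:09 10.0.0.5 POST up.c2-placeholder.test /u.php?n=minutes.docx 40960
2019-10-25T09:00:14 10.0.0.5 POST up.c2-placeholder.test /u.php?n=plan.pptx 204800
2019-10-25T09:01:02 10.0.0.5 POST up.c2-placeholder.test /u.php?n=q3.xls 61440
2019-10-25T09:01:55 10.0.0.5 POST up.c2-placeholder.test /u.php?n=brief.pdf 122880
2019-10-25T09:03:00 10.0.0.7 POST files.example.test /upload/report.docx 51200
2019-10-25T09:04:00 10.0.0.7 POST files.example.test /upload/pdfviewer.js 2048
""".splitlines()

def parse(line):
    """One log line -> record dict; returns None when the line does not fit the layout."""
    m = LOG_RE.match(line)
    if m:
        ts, client, method, host, path, nbytes = m.groups()
        return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
                "host": host, "path": path, "bytes": int(nbytes)}

def is_doc_upload(rec):
    """True for a POST whose path or query string names an Office or PDF file."""
    return rec["method"] == "POST" and DOC_RE.search(rec["path"]) is not None
def find_exfil_bursts(lines, min_files=5, window_s=600):
    """One alert per (client, host) pair with >= min_files document uploads inside any window_s seconds."""
    by_pair = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if is_doc_upload(rec):
            by_pair[(rec["client"], rec["host"])].append(rec)
    alerts = []
    for (client, host), recs in by_pair.items():
        recs.sort(key=lambda r: r["ts"])
        best, start = [], 0
        for end, rec in enumerate(recs):  # sliding window over time-ordered uploads
            while (rec["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > len(best):
                best = recs[start:end + 1]
        if len(best) >= min_files:
            alerts.append({"client": client, "host": host, "files": len(best),
                           "bytes": sum(r["bytes"] for r in best)})
    return alerts
```

Tune `min_files` and `window_s` against a baseline of legitimate document-sharing traffic before alerting on production logs, since a single upload of a report is normal while a sweep of every partition is not.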

Patchwork is not the most prominent Advanced Persistent Threat (APT) group, but their attacks are still remarkable – they use custom-built malware and have inside information that helps them craft legitimate-looking decoy documents, which are then sent to their victims.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to BADNEWS may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: October 25, 2019
