Bartalex
Posted: July 23, 2015
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | July 23, 2015 |
|---|---|
| Last Seen: | September 12, 2019 |
| OS(es) Affected: | Windows |
Bartalex is a macro-based Trojan downloader that may propagate a range of diverse threatening and unwanted software. Its payload history includes high-level threats with a particular emphasis on Trojans that may include information-collecting functions, such as Dyranges (AKA Dyzap or Dyre). The latest Bartalex campaigns have used different methods, including spam e-mail and corrupted file storage links, to expose victims to Bartalex's attacks. For their part, malware experts urge anyone with a Bartalex-compromised system to run extensive anti-malware diagnostics immediately.
The Documents with Surprise Trojans
Although the technology behind document macro-based abuse is years old, its age doesn't necessarily indicate that the associated attacks have become ineffective or unpopular. Bartalex is a 2015 example of a Trojan campaign using macros (a simple set of programming statements sometimes found in Microsoft Office content) to attack PC users and spread other threats. The simplicity and limitations behind macro-based content heavily restrict Bartalex's functions, but also may make Bartalex more likely to slip past spam filters and threatening file-detecting technology, such as what your anti-malware products may use.
Unsurprisingly, malware experts found one of Bartalex's major campaigns using the well-known template of a fraudulent payroll e-mail notification. Victims opening the attached text documents without any protection suffered exposure to Bartalex, which installed spyware and backdoor-capable threats like the Pony loader. Although Microsoft Office includes some default security features meant to block compromised macros, PC users can disable these features manually, and sometimes are instructed to do so by the contents of the Bartalex-carrying documents.
A second Bartalex campaign, also this year, utilized Dropbox links, instead of e-mail attachments. This Bartalex campaign proceeded to install Dyranges, a Trojan that compromises the victim's bank accounts and uses disposable modules to modify its feature set.
Making Sure Your Documents don't Start Reading Your Bank Accounts
PC users availing themselves of the full range of security features in Microsoft Office products should be able to protect themselves from Bartalex macros being enabled by default. Malware experts also would recommend avoiding obfuscated Web addresses redirecting to file downloads, like those that could be used to propagate Bartalex Trojans. Although Dropbox has since taken action to terminate links to corrupted Bartalex files, further campaigns are likely to make use of similar techniques. Lastly, updated anti-malware products also should be able to identify Bartalex while scanning the relevant documents.
Even Web surfers who don't make use of online bank accounts are at risk from some Bartalex payloads. Because of Bartalex's close association with threats like the Pony botnet, any compromised PCs may be at risk of allowing third parties to have virtually complete access to their settings and data. Most threats installed by Bartalex are designed to avoid leaving any visible symptoms, requiring dedicated anti-malware tools to detect and remove them, as well as removing Bartalex.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.