
Bateleur

Posted: June 29, 2020

Bateleur is a JavaScript-based backdoor Trojan that was first used by the FIN7 hacking group in its campaigns against restaurants in the United States. The infamous FIN7 hackers have previously been involved in numerous attacks against companies in the hospitality and retail sectors, and the goal of their attacks is almost always money theft. The Bateleur implant was spread via fraudulent email messages carrying a fake '.DOC' file described as a recent check. The attachment is a decoy document with a malicious macro script embedded in it; if macro execution is enabled, the Bateleur implant may be installed on the compromised system.

The macro script not only deploys the malware but also grants it persistence by creating a scheduled task that runs automatically whenever Windows starts.
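As an added defensive example (not code from the original page or from any FIN7 analysis), the check below parses Task Scheduler XML exports and flags tasks that fire at boot or logon and launch a script host, a script file, or anything under a user-writable path, which is the persistence pattern the macro sets up. Task names, paths and the XML samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_HOSTS = ("wscript", "cscript", "mshta")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")
STARTUP_TRIGGERS = {"BootTrigger", "LogonTrigger"}
USER_PATHS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def flag_startup_script_tasks(tasks):
    """tasks: {task_name: task_xml}. Returns [(task_name, reason), ...] for tasks that
    fire at boot or logon AND run a script host, a script file, or a user-writable path."""
    hits = []
    for name, xml_doc in tasks.items():
        root = ET.fromstring(xml_doc)
        trig = root.find("t:Triggers", NS)
        kinds = set() if trig is None else {c.tag.split("}")[-1] for c in trig}
        if not kinds & STARTUP_TRIGGERS:
            continue  # not a run-at-startup task, so not the persistence pattern of interest
        for exe in root.iterfind(".//t:Actions/t:Exec", NS):
            cmd = exe.findtext("t:Command", "", NS).strip().strip('"').lower()
            args = exe.findtext("t:Arguments", "", NS).lower()
            tokens = [t.strip('"') for t in (cmd + " " + args).split()]
            reasons = []
            if any(h in cmd for h in SCRIPT_HOSTS):
                reasons.append("script host as command")
            if any(t.endswith(SCRIPT_EXTS) for t in tokens):
                reasons.append("script file argument")
            if any(p in t for t in tokens for p in USER_PATHS):
                reasons.append("user-writable path")
            if reasons:
                hits.append((name, ", ".join(reasons)))
    return hits


# Constructed sample exports in the shape `schtasks /query /xml` prints; not real task data.
SAMPLE_TASKS = {
    "\\ExampleVendor\\NightlyCleanup": """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2020-06-01T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions><Exec><Command>%ProgramFiles%\\ExampleVendor\\cleanup.exe</Command><Arguments>--quiet</Arguments></Exec></Actions>
</Task>""",
    "\\SystemUpdateCheck": """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec><Command>wscript.exe</Command><Arguments>//B //E:jscript "C:\\Users\\alice\\AppData\\Roaming\\update.js"</Arguments></Exec></Actions>
</Task>""",
}

if __name__ == "__main__":
    for task_name, reason in flag_startup_script_tasks(SAMPLE_TASKS):
        print(f"SUSPICIOUS {task_name}: {reason}")
```

On a live host, feed the function the output of `schtasks /query /xml` per task (or the files under `%SystemRoot%\System32\Tasks`) instead of the constructed samples.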

The Bateleur malware enables its operators to execute remote commands, harvest system information, manage running processes and services, load external files, and take screenshots of the desktop or the currently active window. Another signature property of the Bateleur backdoor is its ability to detect debuggers or sandbox environments and terminate its own activity when it finds them.

The FIN7 hackers have been one of the top names in the cybercrime field ever since it became clear that they were the ones behind the infamous Carbanak Trojan. While the Bateleur implant is certainly not on the same level as Carbanak, it is still a sophisticated piece of malware that can cause a lot of trouble if used correctly. Companies that are at risk of becoming Bateleur's targets can ensure their networks' safety by investing in reliable anti-malware services and measures.
