
BendyBear

Posted: February 10, 2021

BendyBear is an advanced piece of malware believed to originate from China. While security experts have not yet identified the criminal organization behind this campaign, they suspect that the BlackTech Advanced Persistent Threat (APT) group may be involved. The BendyBear implant is very sophisticated, and its operators have added impressive functionality designed to bypass anti-virus products and avoid systems used for malware analysis. Evading controlled environments is not BendyBear's only feature: it can also be used for long-term espionage attacks thanks to its ability to hide its components cleverly.

Regular computer users are unlikely to be infected by BendyBear, since this malware is likely to be used against high-profile targets that the BlackTech APT expresses interest in. Once the implant is active, BendyBear can modify the infected system's DNS configuration, collect files and transfer additional payloads.

Another advantage of the BendyBear implant is its ability to operate without writing files to disk. All of its components and the configuration it needs to run are stored in the computer's memory, which allows it to evade traditional security products.

Information about BendyBear's cyber-espionage campaigns is likely to appear soon, and, hopefully, this will enable organizations worldwide to take the necessary precautions to protect their networks from this malware.
