
Foudre Malware

Posted: February 11, 2021

The Foudre Malware is a threatening implant that is part of the arsenal of the Infy Advanced Persistent Threat (APT) group. These criminals originate from Iran, and cybersecurity researchers have followed their attacks closely ever since the group was first identified in 2007. The first traces of the Foudre Malware were noticed in 2017, and the malware has received several significant updates since then. The most recent campaign involving this implant was carried out with phishing emails carrying a threatening, macro-laced Microsoft Office document. Users who try to view the document are asked to enable macros, and those who do so end up infected by the Foudre Malware.

The Foudre Malware has a keylogging component, as well as the ability to evade popular anti-virus tools and debugging software. In addition to this, its operators can command it to download and deploy additional implants on the compromised system. In the most recent campaign, many of the computers infected by the Foudre Malware also had the Tonnerre Malware running on them.

The Tonnerre Malware is also written in Delphi, and its features are similar to those found in the Foudre Malware. However, malware researchers note one outstanding difference: while the Foudre Malware launches all of its modules simultaneously, the Tonnerre Malware loads only the one it currently needs. This greatly reduces the noticeable activity it generates on compromised systems.

The Foudre Malware is likely to continue to receive updates and to be employed in the Infy APT's attacks. Middle Eastern companies can protect their networks from it by investing in reputable anti-malware and firewall services.
