Recent Articles
Quickest Mobile Data Recovery Case: 100% of Data Recovered in One Hour
How to fix a corrupted database on PS4
How to Troubleshoot Black or Blank Screens in Windows
LockBit Ransomware: A Comprehensive Guide to the Most Prolific Cyber Threat
How To Use iPad Recovery Mode
How to Prevent Overwriting Files: Best Practices
External Hard Drive Not Showing Up On Windows – Solved
How to Fix a Corrupted iPhone Backup
Backup and Remote Wiping Procedures
Common VMware Issues and Troubleshooting Solutions
Bogdan Glushko
CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.
I think there's an issue with my storage device, but I'm not sure Start a free evaluation →
I need help getting my data back right now Call now (800) 972-3282
The research team at Trend Micro discovered a new variant of Bladabindi, which is a remote access tool that allows hackers to access a victim’s device through backdoor capabilities such as keylogging or distributed denial of service.
What Makes the New Bladabindi Variant Different?
According to the researchers’ findings, this new variant has been refreshed from older versions to spread without the use of files. This makes it harder for software to detect the new strain since it doesn’t take a file form as previous versions did.
How Bladabindi used to work is it would infect the device. Upon doing so, it created copies of the Trojan on removable drives, meaning any device you used with the infected removable drive could be susceptible.
Furthermore, the Trojan created a registry called AdobeMX so it could execute a PowerShell script for malware deployment, according to ZDNet. This is what distinguishes the new variant from its predecessors.
The new variant is effective in disguising itself in many ways. For one, because the malware is in fileless form, it makes it hard for anti-virus software to detect it. And to add further concealment, the Trojan employs code protection software.
Another wrinkle is the malware uses Windows’ scripting language AutoIt. This process also makes it harder for anti-malware software to detect it.
Illustration by Lynda.com
How Does Bladabindi Spread?
In previous versions, hackers deployed phishing scams to infect computers with this worm. As with other phishing campaigns the messaging included a call to action and a file attachment, whereby once the victim downloaded the file it embedded the malicious code onto their device.
Once installed, the malware uses keylogging to identify everything you do on your computer. This includes capturing log in details to personal and finance websites, monitoring your browsing habits, and capturing contact data, which they could use in future phishing campaigns. And what makes the new version even trickier is the fact researchers don’t know how it spreads.
Best Practices to Minimize Data Exposure
Trend Micro states, “Users and especially business that use removable media in the workplace need to practice security hygiene. Restrict and secure the use of removable media or USB functionality, or tools like PowerShell, and proactively monitor the gateway, endpoints, networks, and servers for anomalous behaviors and indicators such as C&C communication and information theft.”
It’s also a good rule of thumb for companies and personal users alike to stay on top of the latest malware trends, as this can give you insight into how hackers operate. Then, if you encounter a phishing attempt or other malware deployments, you’ll know what you’re looking for.
In the meantime, it’s important to take proactive steps if data loss happens. The most effective method is to partner with a trusted team of recovery experts who have the tools and expertise to recover your files. Contact our team at SALAVAGEDATA, as we will be happy to make your case our next success story.
