Security Researchers Detect New Bladabindi Variant

The research team at Trend Micro discovered a new variant of Bladabindi, which is a remote access tool that allows hackers to access a victim’s device through backdoor capabilities such as keylogging or distributed denial of service.

What Makes the New Bladabindi Variant Different?

According to the researchers’ findings, this new variant has been refreshed from older versions to spread without the use of files. This makes it harder for software to detect the new strain since it doesn’t take a file form as previous versions did.

How Bladabindi used to work is it would infect the device. Upon doing so, it created copies of the Trojan on removable drives, meaning any device you used with the infected removable drive could be susceptible.

Furthermore, the Trojan created a registry called AdobeMX so it could execute a PowerShell script for malware deployment, according to ZDNet. This is what distinguishes the new variant from its predecessors.

The new variant is effective in disguising itself in many ways. For one, because the malware is in fileless form, it makes it hard for anti-virus software to detect it. And to add further concealment, the Trojan employs code protection software.

Another wrinkle is the malware uses Windows’ scripting language AutoIt. This process also makes it harder for anti-malware software to detect it.

How Does Bladabindi Spread?

In previous versions, hackers deployed phishing scams to infect computers with this worm. As with other phishing campaigns the messaging included a call to action and a file attachment, whereby once the victim downloaded the file it embedded the malicious code onto their device.

Once installed, the malware uses keylogging to identify everything you do on your computer. This includes capturing log in details to personal and finance websites, monitoring your browsing habits, and capturing contact data, which they could use in future phishing campaigns. And what makes the new version even trickier is the fact researchers don’t know how it spreads.

Best Practices to Minimize Data Exposure

Trend Micro states, “Users and especially business that use removable media in the workplace need to practice security hygiene. Restrict and secure the use of removable media or USB functionality, or tools like PowerShell, and proactively monitor the gateway, endpoints, networks, and servers for anomalous behaviors and indicators such as C&C communication and information theft.”

It’s also a good rule of thumb for companies and personal users alike to stay on top of the latest malware trends, as this can give you insight into how hackers operate. Then, if you encounter a phishing attempt or other malware deployments, you’ll know what you’re looking for.

In the meantime, it’s important to take proactive steps if data loss happens. The most effective method is to partner with a trusted team of recovery experts who have the tools and expertise to recover your files. Contact our team at SALAVAGEDATA, as we will be happy to make your case our next success story.