The Dark Caracal APT group has resurfaced with a new campaign that infects Windows computers. The current campaign has been active since March 2022.
The group first appeared in 2018 and remains active; this campaign has infected hundreds of Windows computers in over a dozen countries.
Researchers found that Dark Caracal is currently distributing a new version of the Bandook spyware against Windows systems. It has infected over 700 computers in Central and South America, primarily in the Dominican Republic and Venezuela.
The new version of Bandook supports 148 distinct commands, giving the operator capabilities such as:
- Adding or removing files from the computer.
- Taking control of the mouse.
- Turning on the webcam.
- Starting a remote desktop session.
- Recording the screen and downloading other libraries for additional functionality.
The attackers have reworked the first stage, which now encrypts its payload with the GOST block cipher, while the second stage uses DES. The decryption key is derived from a passphrase by hashing it with RIPEMD-128.
These changes point to a direct link with the Dark Caracal group, since the Bandook source code is not public and the malware is not offered for sale.
Bandook samples have only been observed for Windows, so the infected machines are assumed to be Windows computers. Most of them are believed to sit in workplaces, because observed infections drop off on Saturdays and especially on Sundays.
According to Shodan data, many of the IP addresses involved belong to commodity routers on ISP networks, and the attackers frequently rotate to different IPs. Because the campaign remains active, organisations at risk should monitor for the IOCs associated with the attackers and the malware and take preventive measures.
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organizations against all kinds of cyber threats.