The BondUpdater Trojan is a dangerous weapon used against high-profile targets, employing a unique infection mechanism. The criminals behind it are believed to be highly experienced and connected to a state-sponsored actor. Our article gives an overview of its behavior according to the collected samples and available reports; it may also be helpful when attempting to remove the virus.
BondUpdater Trojan – Distribution Methods
A new Trojan called BondUpdater has been identified as being spread by a hacking collective called OilRig. The group is believed to have ties to Iran and is also known under various other names: Cobalt Gypsy, Crambus, Helix Kitten or APT34. It became famous for its large-scale attacks against high-profile targets, and it is reported that the hackers may be a state-sponsored group allied with the Iranian intelligence agency.
The BondUpdater Trojan is primarily distributed via spam email messages that appear to be sent by a legitimate sender. The hackers spoof the credentials, layout and design elements in order to coerce users into interacting with the dangerous contents. The targets are reported to be a “high-ranking office” located in a country in the Middle East. We have information about a campaign that makes use of macro-infected documents. The criminal collective embeds the malicious code into documents of all popular types: presentations, rich text documents, databases and spreadsheets. Once they are opened a prompt will (Read more...)
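Because the campaign described above relies on macro-bearing Office attachments, a mail gateway or triage script can flag such files before a user ever sees the macro prompt. The following is an added example, not code from the original post or from any vendor: it classifies an attachment as macro-enabled by inspecting the OOXML zip for a vbaProject.bin part or a macroEnabled content type, and separately marks legacy OLE and RTF files that need a deeper object scan. All sample documents are constructed in the block.

```python
"""Triage helper: flag Office attachments that carry VBA macros (added example)."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container


def build_ooxml(parts):
    """Construct a minimal OOXML-style zip from a {name: content} dict (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def classify_attachment(data):
    """Return 'macro', 'clean', 'legacy-ole', 'rtf' or 'unknown' for raw attachment bytes.

    'legacy-ole' and 'rtf' mean the file cannot carry OOXML markers but can still
    embed VBA or OLE objects, so they should go to a dedicated object scanner."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    if data.startswith(b"{\\rtf"):
        return "rtf"
    if not data.startswith(b"PK"):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                lname = name.lower()
                if lname.endswith("vbaproject.bin"):        # VBA project part present
                    return "macro"
                if lname == "[content_types].xml":
                    ctypes = zf.read(name).decode("utf-8", "replace").lower()
                    if "macroenabled" in ctypes:             # .docm/.xlsm/.pptm declaration
                        return "macro"
            return "clean"
    except zipfile.BadZipFile:
        return "unknown"


# Constructed samples: one clean .docx, a macro .xlsm, a macro .pptm and a legacy .doc stub.
CLEAN_DOCX = build_ooxml({
    "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" '
                           b'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>',
    "word/document.xml": b"<w:document/>"})
MACRO_XLSM = build_ooxml({
    "[Content_Types].xml": b'<Types><Override PartName="/xl/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "xl/workbook.xml": b"<workbook/>", "xl/vbaProject.bin": OLE_MAGIC + b"constructed-stub"})
MACRO_PPTM = build_ooxml({
    "[Content_Types].xml": b'<Types><Override PartName="/ppt/presentation.xml" '
                           b'ContentType="application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml"/></Types>'})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 16
```

Attachments classified as "macro" can be quarantined or held for analyst review, which removes the user-facing "Enable Content" decision entirely.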
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/remove-bondupdater-trojan-restore-computer-infections/