"Long-Existing Bandook RAT Targets Windows Machines"
Fortinet researchers discovered a new variant of the Bandook Remote Access Trojan (RAT) being used in phishing attacks against Windows users. Bandook has been used by different threat actors in several campaigns since 2007. The new variant, discovered in October 2023, spreads through phishing messages carrying a PDF file that contains a shortened URL, which leads to the download of a password-protected .7z file. When the malware is extracted from the archive, it injects its payload into msinfo32.exe. This article continues to discuss the new variant of the Bandook RAT.