Babar

By GoldSparrow in Malware

Malware experts have spotted a threat that appears to have been developed by a hacking group closely related to the intelligence services in France. The name of the threat is Babar, and it first emerged in 2014. However, cybersecurity researchers spent around a year studying the Babar malware, as there was not sufficient data on its activity and features. According to their research, the creators of the Babar threat would often utilize it alongside another one of their custom-made hacking tools called Trojan.EvilBunny.

The Babar malware is a RAT (Remote Access Trojan) whose main goal is carrying out reconnaissance operations. Once the Babar malware has infected the targeted system, it may remain active for prolonged periods, sometimes even months, and operate silently. Babar uses various tricks to keep its persistence on the compromised PC even if the system is rebooted, and to evade detection by firewall utilities and anti-malware applications that may be active on the host.

Just like most RATs, the Babar threat is capable of injecting its code into active processes, obtaining files from specific directories, and executing remote commands. However, the Babar RAT has some additional features, such as a keylogging module that collects the keystrokes of the target and transfers them to the C&C (Command & Control) server of the threat's operators. The Babar malware also has a clipboard-collecting module, which monitors the data stored in the target's clipboard and collects any potentially sensitive data that may be found there. Furthermore, the Babar RAT is able to take screenshots of the active windows and the desktop of the victim. This RAT can also use the microphone of the breached host to record audio. The Babar threat appears to look for certain instant messaging applications. Malware experts speculate that the Babar RAT is designed to record the audio of conversations taking place via those messaging applications.

The Babar RAT is a high-end hacking tool developed by a group sponsored by the French government, so it is no surprise that it possesses a long list of capabilities and features.
