ArtraDownloader Description

BITTER is an APT (Advanced Persistent Threat) which has been active since 2015. Experts believe that the BITTER hacking group likely originates from Southern Asia as most of their victims are concentrated in this region – most of the attacks appear to be targeting organizations located in China and Pakistan. Ever since they began operating back in 2015, the BITTER APT has been using one main Trojan downloader – the ArtraDownloader. Naturally, to remain relevant, the BITTER hacking group had to introduce a number of updates to the ArtraDownloader over the years. The latest variant of the ArtraDownloader has some impressive capabilities when it comes to self-preservation techniques. This Trojan downloader can evade security software successfully, as well as to detect and avoid sand-box environments. The ArtraDownloader also can serve as a backdoor for the attackers to plant additional malware on the compromised host. The BITTER hacking group often combines two main tools in their campaigns – the ArtraDownloader and the BitterRAT (Remote Access Trojan).

Propagation Methods

One of the propagation methods employed by the BITTER APT is the classic spam emails that would contain a macro-laced attachment. Another simple trick that BITTER's members use is the so-called 'double extension.' For example, they can ask users to download a file named 'PAF Webmail Security Report.doc.exe' - this would show up as 'PAF Webmail Security Report.doc' on most computers since Windows is configured to hide file extensions by default. This may leave users with the impression that they are about to view a Microsoft Word document, but they will launch a potentially harmful executable file unknowingly.

Threatening Activity

When the ArtraDownloader infiltrates a system, it will begin to scan it for the presence of any software, which can be related to malware debugging. If the test comes back negative, the ArtraDownloader will establish a connection with the C&C (Command & Control) server of its operators. Through this connection, the ArtraDownloader will receive the payload, which is to be deployed on the infected machine. The 'ArtraDownloader's threatening payload appears to be hosted on legitimate websites that belong to Chinese or Pakistani citizens. It is likely that the BITTER APT has infiltrated these otherwise legitimate Web pages to use them to their own means. In these latest attacks, it appears that the ArtraDownloader works in unison with several different RATs.

To reduce the chances of becoming one of the victims of the ArtraDownloader, you should always keep all your software up to date. And do not forget to download and install a reputable anti-virus software suite, which will keep your system secure.

Do You Suspect Your PC May Be Infected with ArtraDownloader & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like ArtraDownloader as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.