BadPatch

By GoldSparrow in Malware

The BadPatch threat has been around since 2017 – this is when it first caught the attention of malware researchers. Since the earliest BadPatch campaigns, this threat has been distributed via phishing emails. The malicious emails would contain macro-laced attachments that carry the payload of the malware.
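Because the delivery vector described above is a macro-laced Office attachment, the first line of defence is to inspect attachments for an embedded VBA project before they reach a user. The following Python script is an added example written for this page, not code from the original article or from any BadPatch analysis; the attachment names and contents are constructed in memory purely to exercise the check, and the OLE2 (legacy .doc/.xls) test is a byte-level heuristic rather than a full container parser.

```python
import io
import re
import zipfile

# Office Open XML files (.docx/.docm/.xlsm/.pptm) are ZIP containers; a VBA
# project ships as a binary part named vbaProject.bin under the app folder.
OOXML_MACRO_PART = re.compile(r"^(word|xl|ppt)/vbaProject\.bin$", re.IGNORECASE)

# Legacy binary Office files (.doc/.xls) are OLE2 compound files with this header.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# OLE2 directory entry names are stored as UTF-16LE; these storages only
# exist when a macro project is present (heuristic, not a full OLE parser).
OLE_MACRO_MARKERS = [m.encode("utf-16-le") for m in ("_VBA_PROJECT", "Macros")]


def has_vba_macros(data: bytes) -> bool:
    """Return True if the attachment bytes carry an embedded VBA project.

    The decision is made on content, never on the file extension, because a
    renamed .docm still opens (and runs macros) in Word.
    """
    # Case 1: OOXML - list the ZIP directory without extracting anything.
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(OOXML_MACRO_PART.match(n) for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    # Case 2: legacy OLE2 - look for the macro storage names in the directory.
    if data[:8] == OLE_MAGIC:
        return any(marker in data for marker in OLE_MACRO_MARKERS)
    # Anything else is not an Office container and cannot carry VBA.
    return False


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP (not a real Word file) for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments (hypothetical names; contents are synthetic).
SAMPLE_ATTACHMENTS = {
    "invoice.docm": build_sample_ooxml(with_macro=True),
    "agenda.docx": build_sample_ooxml(with_macro=False),
    "report.doc": OLE_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + b"\x00" * 64,
    "notes.txt": b"plain text, nothing to see here",
}


def triage(attachments: dict) -> list:
    """Return the sorted names of attachments that should be quarantined."""
    return sorted(name for name, data in attachments.items() if has_vba_macros(data))


if __name__ == "__main__":
    for name in triage(SAMPLE_ATTACHMENTS):
        print(f"QUARANTINE: {name} contains a VBA project")
```

In a mail gateway this check would run on every attachment regardless of its declared type, and a hit would route the message to quarantine rather than to the inbox. For production use, a proper OLE2 parser such as the olevba tool from the oletools project should replace the byte-scan heuristic, since a crafted legacy file could hide the storage names from a naive substring search.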

One of the most notable BadPatch operations was carried out in 2019. In this campaign, the operators of the BadPatch malware targeted users located in the Middle East. Typically, the cyber crooks used bogus emails to propagate the BadPatch threat. In this specific case, the fraudulent emails appeared to be sent by a high-ranking Middle Eastern politician. The BadPatch malware appears to be a hacking tool used for reconnaissance operations. According to malware experts, it is likely that an APT (Advanced Persistent Threat) may be responsible for the BadPatch threat. Some speculate that the infamous Molerats hacking group may be the malicious actor behind the BadPatch campaigns.

The BadPatch malware appears to target Windows systems only. However, security analysts have detected an Android threat that shares infrastructure with the BadPatch malware. This would indicate that the Molerats APT is also involved in developing malware that targets Android devices. The Android threat in question is being distributed via a bogus application named ‘Welcome Chat.’ This app may appear to be a harmless instant messaging utility, but its only goal is to give the attackers access to the targeted Android devices. Just like the BadPatch threat, the Android malware distributed via the bogus ‘Welcome Chat’ app targets Middle Eastern users.

Malware researchers have spotted another threat that appears to be connected to the BadPatch operations. The name of this malware is B3hpy. This threat targets Windows computers exclusively. It is used for data exfiltration, as well as for managing settings and controlling the active processes on the infected host. The B3hpy malware is a rather dangerous threat, despite the fact that it is not as complex as the BadPatch project.

When BadPatch infects a targeted PC, it allows the attackers to:

  • Collect information regarding the hardware and software of the host.
  • Look for certain file types and file names, which are then targeted for exfiltration.
  • Swap between SMTP and HTTP C&C (Command & Control) servers.
  • Take screenshots of the active windows and the user’s desktop.
  • Execute a keylogging module that would collect the keystrokes of the victim.

Despite being around for three years, the BadPatch operations do not seem to be winding down. The operators of this project are applying regular updates to the hacking tool, which allows it to remain potent and relevant.
