Bandook RAT Description
The Bandook RAT (Remote Access Trojan) has been present online for quite a few years. This Trojan first emerged in 2005 and is believed to have originated in Lebanon. Over the years, it has been known by many names, such as Bandok.bd, Backdoor.Bandook, Troj.Bandok-j and Backdoor.Win32. It was capable of infecting machines running Windows 7, Windows XP, Windows Vista, Windows 2000, and Server 2003, which means that, at the time, Bandook RAT was a threat to a very large number of Windows users.
The infection occurs when the attackers create a corrupted server, spread it to victims, and use it to infect their computers and take control of them. Once the Bandook RAT's server is deployed, it establishes a connection to the attackers' computer, which allows them to use the RAT's features. The threatening program nests itself in legitimate processes in an attempt to mislead anti-virus software and bypass basic security measures.
In the analyzed version of Bandook RAT that was detected, this Trojan's executable file is called 'ali.exe,' and it is dropped in the system folders. However, every cybercriminal who employs Bandook RAT can configure a different name, folder, and process name for it, so the file name alone is not a reliable indicator. The payload of Bandook RAT is fairly small, around 30 KB. This Trojan has an extensive set of features: system and file management, screen capturing, keystroke logging, etc. Bandook RAT is also capable of spying on your conversations and collecting your login credentials via its keylogger feature. The collected data is then transferred to the attacker's servers. Furthermore, the Bandook RAT is capable of executing remote code on the infiltrated computer and switching the ports it uses to communicate with the attacker's server, thereby avoiding potential blocks from firewall software.
Overall, despite its release back in 2005, do not be quick to write off Bandook RAT as old news. Cybercriminals have greatly improved this Trojan over the years, and it is certainly not a threat to overlook. It is paramount that you have a reputable anti-malware tool installed so that you can keep threats like Bandook RAT at bay.