By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 4
First Seen: July 23, 2015
Last Seen: September 12, 2019
OS(es) Affected: Windows

Bartalex is a threat that may be used to deliver other threats to affected computers. Bartalex may be associated with Pony (a Trojan downloader) and Dyre (a banking Trojan). Bartalex was first discovered in early 2015 and has been associated with several high-profile attacks. Bartalex has been used in coordinated attacks designed to collect Bitcoin and banking credentials and to deliver Gameover Zeus, another particularly notorious banking Trojan.

Bartalex Attacks may be Very Annoying

Initial Bartalex attacks were detected in March 2015, when Bartalex was being distributed through email spam. Corrupted email messages carrying Bartalex used embedded Excel files and Microsoft Office macros to deliver the threat. These types of attacks gained notoriety in 2015; early in the year, Microsoft issued an alert about a rise in attacks that used such macros to spread from one computer to another. The use of macros in several Windows applications and platforms has grown as a way of delivering threatening components, meaning that computer users should take extra care to ensure that their computers are protected. The best way to protect a computer from these attacks is to download and install all software updates, which should patch any macro-based vulnerabilities that remain on a computer.

A typical Word document used to deliver Bartalex takes a social engineering approach that makes the email appear to come from a payroll service. Vulnerabilities in Windows and Microsoft Word may be used to deliver Pony and Dyre once the Bartalex malware is executed. Essentially, Bartalex may be used to infect victims with other threats by exploiting these macro-based vulnerabilities. PC security researchers who reviewed Bartalex infections recently detected a newer variant of this attack that was being distributed through threatening Dropbox links; thousands of different Dropbox links may be associated with this Bartalex attack. Bartalex may pose a serious threat: in many cases, the corrupted email attachments associated with Bartalex attacks evade spam filters, making them particularly threatening. Fortunately, once Bartalex has infected a computer, it is relatively simple to detect and remove. Dropbox has since shut down the accounts that had been associated with this rash of Bartalex attacks.

How Bartalex Infects a Computer

Macros have been a popular way of distributing threats for more than a decade; in fact, for a few years they were the primary way of delivering infections. This older approach had fallen out of fashion but has recently gained new notoriety in the form of Bartalex and several other macro-based attacks. These attacks use Microsoft Office documents that contain a 'trap': a macro that downloads and installs other threats on the targeted computer. In theory, Bartalex may be used to deliver any type of threat to the victim's computer. The main purpose of Bartalex is to exploit these vulnerabilities in the macro features of Microsoft Office to deliver other threats. Recent higher-profile Bartalex attacks have been linked to the Pony Trojan, Gameover Zeus and Dyre, all threats designed to gather online credentials and gain access to Bitcoin wallets or online banking accounts.
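As an added example (not part of the original article or any vendor's tooling), the following Python classifies a mail attachment as a macro-enabled Office container, which is the delivery vector described above, so a gateway rule can quarantine it before a user ever sees the 'trap'. It assumes the Office Open XML layout (a ZIP with a [Content_Types].xml manifest and a vbaProject.bin part) and the OLE2 magic bytes of legacy .doc/.xls files; the sample documents it builds are constructed for illustration only.

```python
import io
import zipfile

# Content type Office assigns to the VBA project part in [Content_Types].xml.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Magic bytes of the legacy OLE2 compound file format used by .doc/.xls.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_vba_macro(data: bytes) -> bool:
    """True if an OOXML (.docm/.xlsm/...) container carries a VBA project."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # The project normally sits at word/vbaProject.bin or xl/vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return True
        # A renamed part still has to be declared with the VBA content type
        # for Office to load it, so check the manifest as well.
        if "[Content_Types].xml" in names:
            manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            return VBA_CONTENT_TYPE in manifest
    return False


def classify_attachment(data: bytes) -> str:
    """Gateway verdict: 'ooxml-macro' (quarantine), 'ooxml-clean',
    'ole2-legacy' (binary .doc/.xls; needs an OLE parser) or 'other'."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    return "ooxml-macro" if has_vba_macro(data) else "ooxml-clean"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container (not a real document) for testing."""
    override = ""
    if with_macro:
        override = ('<Override PartName="/word/vbaProject.bin" '
                    f'ContentType="{VBA_CONTENT_TYPE}"/>')
    manifest = ('<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats'
                '.org/package/2006/content-types">' + override + '</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", manifest)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()
```

Legacy binary documents are only flagged for deeper inspection here, since locating a VBA project inside an OLE2 file needs a compound-file parser rather than a ZIP listing.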

Dealing with a Bartalex Infection

The best way to deal with Bartalex is to ensure that its avenues of attack are unavailable. Computer users should download and install all software updates and security patches so that Bartalex cannot abuse macros, and should avoid opening unknown files, even if they are Microsoft documents or other recognized file formats.
