Bartalex
Threat Scorecard
Threat Level: 90% (High)
Infected Computers: 4
First Seen: July 23, 2015
Last Seen: September 12, 2019
OS(es) Affected: Windows
Bartalex is a threat that may be used to deliver other threats to affected computers. Bartalex may be associated with Pony (a Trojan downloader) and Dyre (a banking Trojan). Bartalex was first discovered in early 2015 and has been associated with several high-profile attacks. It has been used in coordinated attacks designed to collect Bitcoin and banking credentials, and to deliver Gameover Zeus, another banking Trojan that is particularly notorious.
Bartalex Attacks may be Very Annoying
Initial Bartalex attacks were detected in March of 2015. Bartalex was being distributed using email spam. Corrupted email messages containing Bartalex used embedded Excel and Microsoft macros to deliver this threat. These types of attacks gained notoriety in 2015. Early in the year, Microsoft issued an alert about a rise in attacks that used these types of macros to spread from one computer to another. The use of macros in several Windows applications and platforms has risen as a way of delivering threatening components, meaning that computer users should take extra care to ensure that their computers are protected. There's no doubt that the best way to protect a computer from these types of attacks is by downloading and installing all software updates, which should patch any macro-based vulnerabilities that could remain on a computer.
An example of a typical Word document used to deliver Bartalex uses a social engineering approach that makes it seem as if the email is from a payroll service. Vulnerabilities in Windows and Microsoft Word may be used to deliver Pony and Dyre once the Bartalex malware is executed. Essentially, Bartalex may be used to infect victims with other threats by exploiting these macro-based vulnerabilities. PC security researchers have reviewed Bartalex infections recently, detecting a newer variant of this attack that was being distributed using threatening Dropbox links. Thousands of different Dropbox links may be associated with this Bartalex attack. Bartalex may pose a serious threat. In many cases, the corrupted email attachments associated with Bartalex attacks may evade spam filters, making them particularly threatening. Fortunately, once Bartalex has infected a computer, it is relatively simple to detect and remove Bartalex. Dropbox has since shut down the accounts that had been associated with this rash of Bartalex attacks.
How Bartalex Infects a Computer
Macros have been a popular way of distributing threats for more than a decade. In fact, for a few years they were the primary way of delivering infections. This older approach had fallen out of fashion but has recently gained new notoriety in the form of Bartalex and several other macro-based attacks. These types of attacks use Microsoft Office documents that contain a 'trap', a macro that allows them to download and install other threats on the targeted computer. In theory, Bartalex may be used to deliver any type of threat to the victim's computer. The main purpose of Bartalex is to exploit these vulnerabilities in the macro features in Microsoft Office to deliver other threats. Recent higher-profile Bartalex attacks have been linked to the Pony Trojan, Gameover Zeus and Dyre, all threats designed to gather online credentials and gain access to Bitcoin wallets or online banking accounts.
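A defender-side triage check for the delivery method described above, added here as an example and not taken from EnigmaSoft or any Bartalex analysis: it flags Office attachments that carry a VBA macro project before a user opens them. The function names and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls containers


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal OOXML-shaped ZIP in memory (constructed sample, not a real document)."""
    ctype = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
             else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" ContentType="{ctype}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    return buf.getvalue()


def triage_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro' or 'not-office' for an attachment's raw bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can hold macros; confirming that needs an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a ZIP, but not an OOXML package
        # Check the contents, not the file extension: a renamed .docm still has these parts.
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
        if has_vba or "macroenabled" in ctypes.lower():
            return "macro"
    return "no-macro"


if __name__ == "__main__":
    samples = [("clean.docx", build_sample(False)),
               ("payroll.docm", build_sample(True)),
               ("old.doc", OLE2_MAGIC + b"\x00" * 504),
               ("note.txt", b"hello")]
    for label, blob in samples:
        print(label, "->", triage_attachment(blob))
```

A mail gateway or help desk can hold anything reported as 'macro' or 'legacy-ole' for review instead of delivering it straight to the inbox.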
Dealing with a Bartalex Infection
The best way to deal with Bartalex is to ensure that its avenues of attack are unavailable. Computer users should download and install all software updates and security patches to ensure that Bartalex cannot abuse macros. Finally, computer users should avoid opening unknown files, even if they are Microsoft documents or other types of recognized file formats.