Bateleur is the name of a backdoor Trojan that is written in the Java programming language. It would appear that this threat was created by the notorious FIN7 hacking group. The Bateleur backdoor Trojan was first used in a campaign targeting various restaurants located in the United States. The FIN7 group is known to target companies and institutions that operate in the hospitality or retail industry. The end goal of most FIN7 campaigns is to collect capital.
The Bateleur threat is distributed with the help of phishing emails. The emails in question carry a corrupted ‘.DOC’ attachment laced with a malicious macro. Once the user opens the corrupted file and enables the execution of the macro script, the Bateleur threat gains access to the system. To gain persistence on the host, the Bateleur Trojan creates a scheduled task that re-executes the threat every time the host is rebooted. Once the Bateleur malware is up and running, it is able to:
- Manage active processes.
- Collect information about the hardware and software of the host.
- Run remote commands.
- Plant additional files.
- Take screenshots of the victim’s desktop and active windows.
As a self-preservation technique, the Bateleur malware checks for any software that may be linked to malware analysis or debugging and terminates it immediately.
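The scheduled-task persistence described above, seen from the defender's side, as an added example that is not from the original article: a Python function that parses exported Windows Task Scheduler XML and flags tasks that launch a script host on boot or logon. The trigger and interpreter lists and the two sample task definitions are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Namespace of Windows Task Scheduler task definitions (the XML `schtasks /query /xml` emits).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Triggers that fire at startup, and interpreters a script-based implant is commonly
# launched through. Both sets are assumptions made for this example, not taken from the page.
STARTUP_TRIGGERS = {"BootTrigger", "LogonTrigger"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "java.exe", "javaw.exe", "powershell.exe", "mshta.exe"}

def find_boot_persistence(task_xml: str) -> list:
    """Return (trigger, command, arguments) for each Exec action that a task runs
    through a script host on boot or logon; an empty list means nothing was flagged."""
    root = ET.fromstring(task_xml)
    triggers_el = root.find("t:Triggers", NS)
    # Element tags carry the namespace, e.g. '{...}BootTrigger'; keep only the local name.
    triggers = [] if triggers_el is None else [t.tag.rsplit("}", 1)[-1] for t in triggers_el]
    startup = sorted(t for t in triggers if t in STARTUP_TRIGGERS)
    if not startup:
        return []
    hits = []
    for exe in root.iterfind("t:Actions/t:Exec", NS):
        cmd = exe.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        args = exe.findtext("t:Arguments", default="", namespaces=NS).strip()
        binary = cmd.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if binary in SCRIPT_HOSTS:
            hits.append((startup[0], cmd, args))
    return hits

# Constructed sample: a task that relaunches a script via wscript.exe on every reboot.
SUSPICIOUS_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B C:\Users\Public\update.txt</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample: a routine maintenance job on a calendar trigger; not flagged.
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2024-01-01T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Windows\System32\defrag.exe</Command><Arguments>C: /O</Arguments></Exec>
  </Actions>
</Task>"""
```

Run it over the XML of every task exported from a host (e.g. with `schtasks /query /xml`) and review each hit against your known-good baseline.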
The FIN7 hacking group has been making headlines for a while. These cyber crooks should not be underestimated, as they are known to carry out high-profile campaigns targeting various businesses and organizations. If you want to keep your system safe from threats like the Bateleur backdoor Trojan, consider investing in a genuine, up-to-date anti-malware solution.