New Bandook RAT Variant Resurfaces, Targeting Windows Machines

siteadmin January 5, 2024

A new variant of the Bandook remote access trojan is spreading via phishing attacks aimed at infiltrating Windows machines. Researchers at Fortinet FortiGuard Labs found that the malware is distributed via a PDF containing a link to a password-protected .7z archive. Once extracted, the malware injects itself into msinfo32.exe, modifies the registry to establish persistence, and contacts a C2 server to retrieve additional payloads and instructions.
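
For defenders, the behaviour described above can be hunted in endpoint telemetry. The following added example (not code from Fortinet or from this article) flags Sysmon network-connection (Event ID 3) and registry-value-set (Event ID 13) events whose acting process is msinfo32.exe. It assumes events are already parsed into dictionaries keyed by Sysmon's field names; the function name and the sample events are constructed for illustration.

```python
import ntpath

# Sysmon event IDs: 3 = network connection, 13 = registry value set.
WATCHED = {3: "network", 13: "registry"}
TARGET = "msinfo32.exe"  # host process named in the article


def flag_msinfo32_activity(events):
    """Return (kind, detail) findings for watched events performed by msinfo32.exe."""
    findings = []
    for ev in events:
        kind = WATCHED.get(ev.get("EventID"))
        if kind is None:
            continue  # e.g. process creation alone is not flagged here
        # ntpath handles Windows paths regardless of the analyst's OS.
        image = ntpath.basename(ev.get("Image", "")).lower()
        if image != TARGET:
            continue
        if kind == "network":
            detail = f'{ev.get("DestinationIp")}:{ev.get("DestinationPort")}'
        else:
            detail = ev.get("TargetObject", "")
        findings.append((kind, detail))
    return findings


# Constructed sample events (not indicators from the report). The IP is from
# the 203.0.113.0/24 documentation range; the registry path is a placeholder.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Windows\System32\msinfo32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\SysWOW64\MSINFO32.EXE",
     "TargetObject": r"HKU\S-1-5-21-EXAMPLE\Software\EXAMPLE\Placeholder"},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "203.0.113.20", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\System32\msinfo32.exe"},
]

if __name__ == "__main__":
    for kind, detail in flag_msinfo32_activity(SAMPLE_EVENTS):
        print(f"msinfo32.exe {kind} activity: {detail}")
```

Hits are leads for triage rather than verdicts; correlate them with the process's parent and start time before escalating.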