FireEye Researchers Uncover BaneChant Trojan
To avoid detection, the malware waits for at least three mouse clicks before proceeding.
FireEye researchers recently came across new malware called Trojan.APT.BaneChant, which is delivered via a fake Word document called "Islamic Jihad.doc," a name indicating that it's likely being used to target Middle Eastern and Central Asian governments. According to FireEye, the malware is designed to upload information about the infected computer, then set up a backdoor for remote access.
Trojan.APT.BaneChant has three key features, all intended to avoid detection: it waits until it detects at least three mouse clicks before proceeding, it performs a callback to a legitimate URL shortening service rather than directly to the command and control server, and it waits for an Internet connection to download and execute malicious code.
"As defense technologies advance, malware also evolves," writes FireEye's Chong Rong Hwa. "In this instance, we could see that the malware has performed a number of tricks to defeat detection."