Dark Caracal APT Resurfaces with Latest Bandook Spyware Variant

The Dark Caracal advanced persistent threat (APT) group has resurfaced with a new variant of its Bandook malware, used in a recent campaign targeting individuals in South and Central Asia. According to security researchers at Kaspersky, the new version of Bandook has been specifically tailored to evade anti-virus software, making it harder to detect and defend against.

Bandook is spyware that Dark Caracal has used in previous campaigns to steal sensitive information and monitor targeted individuals. The latest version adds several features that make it more dangerous and effective.

One of the most significant changes in the new variant is how it communicates with its command-and-control (C&C) server. Previous versions used a fixed C&C address that could be easily blocked or taken down. The new version instead uses a domain generation algorithm (DGA) that produces a new C&C address each time it contacts the server, which makes the malware much harder for security researchers to track and block.

The new version also includes other features that help it evade detection and maintain persistence on infected systems: anti-VM and anti-debugging capabilities, the ability to inject code into legitimate processes, and the ability to create new user accounts.

According to Kaspersky, Dark Caracal has been using the new Bandook variant to target individuals in South and Central Asia, including activists, journalists, and political dissidents. The group has also been known to target military personnel and government officials in the region.

To protect against Bandook and other spyware, Kaspersky recommends that individuals and organizations keep their software up to date, use anti-virus software, and be cautious when opening email attachments or downloading files from the internet. It is also important to use strong passwords and enable two-factor authentication wherever possible.
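The article notes that a DGA defeats blocking of a fixed C&C address. The following added example (not from the article or from Kaspersky's analysis; it does not implement Bandook's actual DGA, which the article does not describe) illustrates the defender's side: a static blocklist catches only the one domain it already knows, while simple lexical heuristics over constructed DNS query log lines flag the whole cluster of generated-looking domains from the same client. The log lines, blocklist and scoring thresholds are all constructed assumptions for illustration.

```python
import math
import re
from collections import Counter

# Constructed DNS query log (client, queried domain). Not real Bandook indicators.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.org
10.0.0.7 update.vendor-cdn.net
10.0.0.9 x7q2kd9pz0vmn3.info
10.0.0.9 a9s8dfh2kj4lq.com
10.0.0.9 zq1mv8c3xw5ep.net
10.0.0.5 docs.example.com
"""

# Constructed blocklist holding one previously seen C&C domain (a "fixed address" defence).
BLOCKLIST = {"x7q2kd9pz0vmn3.info"}

def registered_label(domain):
    """Label left of the TLD, e.g. 'example' for 'www.example.com'."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def consonant_run(s):
    """Longest run of consonants/digits; generated labels rarely look pronounceable."""
    return max((len(m) for m in re.findall(r"[bcdfghjklmnpqrstvwxyz0-9]+", s)), default=0)

def dga_score(domain):
    """Heuristic 0-4 score; thresholds are illustrative assumptions, not tuned values."""
    label = registered_label(domain)
    score = 0
    score += len(label) >= 12
    score += shannon_entropy(label) > 3.3
    score += consonant_run(label) >= 4
    score += any(ch.isdigit() for ch in label)
    return score

def blocklist_hits(log_text, blocklist):
    """What a fixed blocklist alone would catch: only domains already known."""
    return [line.split()[1] for line in log_text.splitlines() if line.split()[1] in blocklist]

def analyze(log_text, blocklist, threshold=3):
    """Map client -> suspicious domains, combining blocklist hits with the DGA heuristic."""
    hits = {}
    for line in log_text.splitlines():
        client, domain = line.split()
        if domain in blocklist or dga_score(domain) >= threshold:
            hits.setdefault(client, []).append(domain)
    return hits
```

Running `analyze(SAMPLE_DNS_LOG, BLOCKLIST)` groups all three generated-looking domains under client 10.0.0.9, whereas `blocklist_hits` returns only the single known domain; in practice such heuristics are a triage signal for clustering and investigation, not a blocking decision on their own.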