BendyBear APT Group Linked With Chinese Hacking Group BlackTech

During an investigation, Unit 42 researchers discovered a new polymorphic, “highly sophisticated” and well-engineered malware named BendyBear. The malware is linked to a hacking group with known ties to the Chinese government.

BendyBear is assumed to be a modification of WaterBear, a campaign that uses modular malware and has been operating since 2009.

WaterBear, in turn, is related to BlackTech, a cyberespionage group that threat researchers link to the Chinese government.

According to analysis published by Trend Micro, WaterBear is a multifaceted malware capable of file transfer, shell access, screen capture, and more.

Features and capabilities of the malware

Researchers have listed the following features and capabilities of the malware:

  • It transmits payloads in modified RC4-encrypted parts, and it hardens the encryption of the network interface, as a single RC4 key will not…