New BendyBear APT malware gets linked to Chinese hacking group (Security News, February 2021)

Unit 42 researchers have shared details on a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.
The malware's features and behavior strongly resemble those of the WaterBear malware family, which has been active since at least as early as 2009.
WaterBear is connected to BlackTech, a cyberespionage group linked by threat researchers to the Chinese government.
"At 10,000+ bytes, BendyBear is noticeably larger than most, and uses its size to implement advanced features and anti-analysis techniques, such as modified RC4 encryption, signature block verification, and polymorphic code," Unit 42 said.
Given the signature block verification and the other anti-analysis techniques, it is clear that BendyBear's developers prioritized stealth and detection evasion.
More technical details on the BendyBear shellcode, indicators of compromise, and a shellcode proof of concept are available in Unit 42's report.