Researchers Discovered a New Malware Sharing Similarities With WaterBear

BlackTech Blogs | IEMLabs

Recently, security researchers discovered a well-engineered, sophisticated, and difficult-to-detect malware, possibly designed by the APT group BlackTech, also known as the Palmerworm group. BlackTech is an advanced cyberattack group that generally attacks technology companies and government entities across Taiwan, Japan, and Hong Kong. Experts later named the malware BendyBear; it shares several similarities with the WaterBear malware.

The WaterBear malware came into the spotlight in 2020 for targeting Taiwanese government agencies in sophisticated attacks. Along with 10,000+ bytes of machine code, several behaviors and features of the new BendyBear malware also strongly correlate with the BlackTech-associated WaterBear malware.

The BendyBear malware uses advanced features and anti-analysis techniques such as modified RC4 encryption, signature block verification, and polymorphic code. In addition, BendyBear leverages an existing Windows registry key, generates unique session keys for each connection to the C2 server, and encrypts or decrypts function (code) blocks during runtime, at a macro level.

The good news is that no campaign in which attackers have used the BendyBear malware has been detected, but its emergence highlights the forthcoming challenges for the cybersecurity industry. The advanced stealth and detection-evasion techniques indicate that this malware developer group has become more focused on a high level of technical sophistication.

By Hrithik Lall
