Malware attacks are usually successful because they are inconspicuous. Bitsran is a threat that is well-known for its quiet entrance into the Windows operating system. As it turns out, a North Korea-based Lazarus group (also known as Guardians of Peace and Whois Team) is behind this Trojan, and so it is no wonder it has been used to attack banks. Most infamously, it stole $60 million from the Far Eastern International Bank in Taiwan, and attacks were performed against banks in Poland, Mexico, Ecuador, and other banks too. Is it possible that other banks or other kinds of organizations or companies could be affected by this malware? Actually, that is not very likely because the threat was actively attacking banks in 2016-2017. Of course, it is always possible that it could receive an upgrade and that new variants could emerge. On top of that, the same distribution method that was used to spread the malicious Trojan is still widely used for the distribution of all kinds of threats. Therefore, it is important to remember the threat. Just in case it stayed hidden within an operating system for years, we also show how to delete Bitsran.
It appears that the height of Bitsran activity was reached in 2017, but that does not mean that we can forget about this devious loader Trojan. It could easily be revived, and cybercriminals could use it to build new, potentially more advanced threats. In fact, the original version was not exceptionally sophisticated. It is believed that the Trojan was spread using spam emails, and this method of malware distribution is used to this day. The attacker creates a misleading message that is meant to push the recipient into clicking a link or attached file. This action, eventually, leads to the downloading of the malware. The spam email message might have a convincing subject line, and the sender’s email address might look believable or even familiar too. In fact, if cybercriminals hijack legitimate accounts, they could be used to spread Bitsran and similar malware. These days, spam emails are mostly used for the distribution of ransomware, which is the kind of malware that, in most cases, encrypts files to force victims into paying money (ransom) in return for decryption software. Speaking of ransomware, it is important to mention Hermes Ransomware 2.1.
Hermes Ransomware 2.1 is a well-known file-encrypting malware that can delete shadow volume copies to ensure that victims cannot recover files using a system restore point. This is the ransomware that was loaded by Bitsran when it attacked systems in 2017. What was the purpose of that? Quite possibly, that was done to paralyze victim’s systems or distract them from illicit money transfers from the banks. Of course, Bitsran could have been employed to load any kind of malware, and that completely depends on the goals of the cybercriminals. Ultimately, although this loader Trojan was not exceptionally sophisticated, it could give cybercriminals great power, and that is why it is so dangerous. Using it, the attackers could load keyloggers, other Trojans, ransomware, and all kinds of malware. Actually, if an infection is found within a system, the general rule of thumb is that the victim should inspect the entire operating system thoroughly. This is important because, in many cases, malicious infections do not travel alone.
You can scroll down to find a Bitsran removal guide, but since this infection has not been active since 2017, it is unlikely that many users will need to worry about getting rid of this malware. That being said, new variants could emerge, and the same techniques could be used to attack again and again. The effects of Bitsran were heard far and wide, and, hopefully, Windows users everywhere can learn to be more cautious and take better care of their operating systems. Of course, since this malware is associated with hackers in North Korea, it is foreign government agencies and banks that need to be most cautious about the attacks that the Lazarus group might be planning next. Most recently, in September of 2019, the United States of America identified the Lazarus group as a national security threat, and it was reported that the group had successfully stolen $700 million throughout the decade of its existence.