Skip to main content

Bitdefender uncovers new malware targeting government agencies

(Image credit: Photo Credit:

Researchers at cyber security firm Bitdefender recently unveiled a new targeted attack and named it Netrepser. What makes this threat different from other APTs (advanced persistent threat) is that it was built with readily available software tools.  

The goal of Netrepser, according to Bitdefender, is to steal data from government agencies. No information on which agencies were targeted.  Netrepser uses multiple methods to get its tiny digital hands on the victim’s information, from keylogging, to password theft, to cookie theft. At the very heart of this tool is a ‘legitimate, yet controversial’ recovery toolkit provided by Nirsoft.  

Nirsoft provides apps used to recover cached passwords or monitor network traffic. They work through powerful command-line interfaces that can be instructed to run completely unnoticed. Bitdefender says Nirsoft’s apps have been flagged as potential security threats long ago, mostly because they’re ‘extremely easy to abuse’, and ‘oversimplify the creation of powerful malware’.  The report also says up to 500 bots were identified during initial assessment, that only government agencies and organisations have been targeted, and that the first samples of the malware were spotted in May 2016.  

“Because of the nature of these attacks, attribution is impossible unless we dig into the realm of speculation. Our technical analysis however, has revealed that some documents and file paths this campaign is using are written in Cyrillic,” the researchers have said. 

For additional information, including technical specifics, please refer to the full report available via this Google Drive link.

Photo Credit:

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.