Casper: the newest member of the cartoon malware family


Casper is considered to be EvilBunny’s and Babar’s successor, believed to be originating from the same group of programmers – possibly connected to a French intelligence agency. Two very interesting changes the malware has undergone: it now has a modular structure which allows the attackers to download and install attack plug-ins at will and its anti AV strategies improved. This blog post is supposed to give a brief overview about the main differences between Casper and the other two we wish to mention. A thorough analysis of the Casper can be read in Joan Calvet’s (ESET) blog post, published today. Calvet has worked together again with Marion Marschalek and Paul Rascagnères to dissect this newly discovered threat.


Time frame

Anti-AV strategy

Casper’s goal

EvilBunny, Babar and now Casper… where does the name come from?