Bachosens is a trojan discovered in February 2017. It is deployed against select targets and uses covert communication channels to evade detection. It is used to steal information and download additional malware onto compromised machines. The trojan creates a registry entry so that it runs every time Windows starts, opens a backdoor to connect to its C2 server, and can then perform the following functions:

  • Log keystrokes
  • Download and execute files
  • Copy files
  • List files
  • Delete files
  • Create directories
  • Delete directories
  • Change registry entries
  • List processes
  • Terminate processes


  • May 2017: "Lone Wolf" hacker Igor used Bachosens to infiltrate an automotive parts supplier in China for years. (Motherboard)

Technical Details

  • Symantec provides technical details on Bachosens here.
  • Medium provides analysis of Bachosens here.