MyloBot Malware Can Take Control Of Your PC And You Won't Even Know It


The emergence of a new type of malware called MyloBot has just made surfing on the Internet a tad riskier.

MyloBot Puts Windows-Based PCs At Risk

Tom Nipravsky, a security researcher at Deep Instinct, discovered the "highly complicated" botnet, which targets Windows-based PCs.

MyloBot has a number of tricks up its sleeve, including the ability to steal data, shut down networks, and so on. The malware can also deliver numerous payloads, putting the targeted PCs at risk of Trojans, keyloggers, DDoS attacks, ransomware, and other threats.

Infected PCs are under the complete control of the hacker or hackers and are then connected to a large network of internet-connected PCs, known as a botnet. MyloBot then connects directly to the attacker's command-and-control servers, which deliver additional payloads.

"The expected damage here depends on the payload the attacker decides to distribute. It can vary from downloading and executing ransomware and banking trojans, among others," Nipravsky said. "This can result in loss of a tremendous amount of data, the need to shut down computers for recovery purposes, which can lead to disasters in the enterprise."

Evasion Techniques

The malware uses advanced evasion techniques to avoid detection. These include anti-sandboxing, anti-debugging, encrypted files and reflective EXE, which is the ability to run EXE files directly from memory rather than the disk. This particular technique makes it incredibly difficult to detect or trace the malware.

The botnet stays dormant on the target PC for 14 days, maintaining a low profile to avoid being detected on the system before contacting its command-and-control servers.

After that, the malware terminates Windows Defender and Windows Update and blocks certain ports in the Windows firewall. These are all tactics to ensure that its malicious activity can operate without being impeded.
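As an added example that is not part of the article or of Deep Instinct's research, the following PowerShell check looks for the tampering described above on a Windows host: stopped Defender and Windows Update services, disabled real-time protection, and enabled firewall block rules that were not present in an earlier baseline. The service names are the standard Windows ones; the baseline file path and the presence of the Defender and NetSecurity modules are assumptions.

```powershell
# Added example (not from the article or Deep Instinct): defender-side health check
# for the tampering the article attributes to MyloBot. Assumes an elevated
# PowerShell session on Windows 10 / Server 2016 or later.

$findings = @()

# 1. Services the article says the malware terminates, plus the firewall service
#    (block rules are meaningless if the firewall itself has been stopped).
$expected = @{
    'WinDefend' = 'Defender Antivirus'
    'wuauserv'  = 'Windows Update'
    'MpsSvc'    = 'Windows Firewall'
}
foreach ($name in $expected.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $findings += "Service $name ($($expected[$name])) is missing"
    } elseif ($svc.Status -ne 'Running') {
        $findings += "Service $name ($($expected[$name])) is $($svc.Status)"
    }
}

# 2. Defender's own view of itself: real-time protection switched off is a
#    stronger signal than the service merely being present.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and -not $mp.RealTimeProtectionEnabled) {
    $findings += 'Defender real-time protection is disabled'
}

# 3. Enabled block rules that were not in a baseline captured earlier with:
#    Get-NetFirewallRule | Select-Object -ExpandProperty Name | Set-Content <baseline>
#    Firewall rules expose no creation time, so a baseline diff is the practical check.
$baselinePath = 'C:\baseline\firewall-rules.txt'   # assumed path
$baseline = if (Test-Path $baselinePath) { Get-Content $baselinePath } else { @() }
$blocks = Get-NetFirewallRule -Enabled True -Action Block -ErrorAction SilentlyContinue
foreach ($rule in $blocks) {
    if ($baseline -notcontains $rule.Name) {
        $ports = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
        $findings += "New block rule '$($rule.DisplayName)' ($($rule.Direction), ports: $ports)"
    }
}

if ($findings.Count -eq 0) { 'No tampering indicators found' } else { $findings }
```

Without a baseline file every enabled block rule is reported, so capture the baseline on a known-clean build before relying on the third check.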

In addition to that, it also gets rid of other malware on infected PCs by looking for specific folders that botnets use and deleting them. The strategy behind this is to eliminate the competition, ensuring the attackers can infect more computers and earn more money from abusing the compromised machines.

The origin of MyloBot is not yet known, but it appears to have some sort of connection to Locky, a ransomware family that reared its ugly head in 2016. Although MyloBot is far from widespread, one thing is for sure: the individual or individuals behind it are no amateurs.

ⓒ 2018 All rights reserved. Do not reproduce without permission.