MyloBot, a malware strain first discovered in 2018, has returned with a new malicious scheme for its victims.

According to cybersecurity researchers, the new variant of this malware relies on sending sextortion emails to its victims. The hackers behind this threat also ask the victims to pay $2,732 in Bitcoin.

What is MyloBot

MyloBot has arrived in its latest form. The returning malware reportedly demands cryptocurrency payment from the victims by sending sextortion messages.

This sophisticated malware does more than infect systems and enlist them into its botnet. MyloBot, which was first seen in 2018, can also erase the remaining traces that other malware left in the affected networks.

According to Hacker News, this malicious code is adept at evading security detection: it waits 14 days before executing its in-memory malicious binaries and reaching out to its command-and-control servers.

How MyloBot Attacks a System

First, the malware relies on process hollowing, a technique in which a legitimate process is created in a suspended state and its memory is then hollowed out.

The memory of the live process is then unmapped and replaced with arbitrary executable code, in this case a resource file that has already been decoded.

In a security report from Minerva Labs, cybersecurity researcher Natalie Zargarov wrote that a new folder under C:\ProgramData will be created for the second stage.

"It looks for svchost.exe under a system directory and executes it in a suspended state. Using an APC injection technique, it injects itself into the spawned svchost.exe process," she added.

APC (Asynchronous Procedure Call) injection is a technique similar to process hollowing; it works by attaching malicious code to a thread's APC queue so that the target process runs it.

In the next phase of the MyloBot infection, the malware reaches out to its remote server, from which the attacker can deliver a payload to the infected host. The payload is decoded before it is run inside the process.
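The two host-side behaviours described above (svchost.exe launched by something other than services.exe for the injection step, and executables started from a fresh folder under C:\ProgramData for the second stage) are the kind of telemetry a defender would alert on. The following is an added example, not code from the article or from Minerva Labs; the record fields and all paths are constructed assumptions loosely modelled on typical process-creation telemetry, not a real product schema or real indicators.

```python
from dataclasses import dataclass
from typing import List, Optional
import ntpath

SYSTEM32 = r"c:\windows\system32"
PROGRAMDATA = r"c:\programdata"

@dataclass
class ProcEvent:
    image: str          # full path of the created process (assumed field)
    parent_image: str   # full path of its parent process (assumed field)

def _norm(path: str) -> str:
    # Windows paths are case-insensitive; normalise before comparing.
    return path.lower().replace("/", "\\")

def svchost_anomaly(ev: ProcEvent) -> Optional[str]:
    """A legitimate svchost.exe lives in System32 and is started by services.exe."""
    image, parent = _norm(ev.image), _norm(ev.parent_image)
    if ntpath.basename(image) != "svchost.exe":
        return None
    if ntpath.dirname(image) != SYSTEM32:
        return f"svchost.exe running from non-system path {ev.image}"
    if ntpath.basename(parent) != "services.exe":
        return f"svchost.exe spawned by unexpected parent {ev.parent_image}"
    return None

def programdata_stage(ev: ProcEvent) -> Optional[str]:
    """An executable launched from a folder under ProgramData (second-stage drop)."""
    image = _norm(ev.image)
    if image.startswith(PROGRAMDATA + "\\") and image.endswith(".exe"):
        return f"executable launched from ProgramData: {ev.image}"
    return None

def flag_events(events: List[ProcEvent]) -> List[str]:
    """Run both rules over the records and collect human-readable findings."""
    findings = []
    for ev in events:
        for rule in (svchost_anomaly, programdata_stage):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings

# Constructed sample telemetry for the demo; paths are made up, not real IoCs.
SAMPLE = [
    ProcEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
    ProcEvent(r"C:\ProgramData\abcd1234\stage2.exe", r"C:\Users\alice\AppData\Local\Temp\loader.exe"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", r"C:\ProgramData\abcd1234\stage2.exe"),
]
```

Calling `flag_events(SAMPLE)` returns one finding for the ProgramData launch and one for the svchost.exe with a non-services.exe parent; the first, legitimate record produces nothing.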

According to the article, the cybercriminals behind this threat intimidate their victims with extortion messages, threatening among other things to leak supposed webcam recordings of the recipient visiting porn sites.

Minerva Labs also found that the new MyloBot variant can leave a foothold for future attacks and download additional files useful to the malicious campaign.


Recently Discovered Malware

In another news story from Tech Times, hackers were found to be running a new phishing campaign involving the BazarBackdoor malware. According to the report, this trojan infects systems through CSV text files.

Cybersecurity experts warned users to be careful when opening emails about payment remittance advice.

Elsewhere, the same tech site reported that a known Android malware recently resurfaced. The notorious Joker malware infected seven apps in its latest attack, which is why mobile security firm Pradeo advised users to delete these applications immediately.


This article is owned by Tech Times

Written by Joseph Henry 

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.