  • 'Mylobot' botnet infecting 50,000 devices per day worldwide


    Karlston


    A sophisticated botnet named "Mylobot" has compromised tens of thousands of systems around the world, affecting mostly those from India, the U.S., Indonesia, and Iran.

     

    For those not in the know, a botnet is a network of computers infected with malware and controlled without the owner's knowledge to send spam messages, distribute malware, and steal sensitive data.

     

    BitSight, a cybersecurity ratings company, said that it is currently recording more than 50,000 unique systems infected with the Mylobot botnet every day. While this is a decrease from 250,000 during the start of 2020, BitSight believes that they are only seeing part of the full botnet.

     

    Mylobot was first documented in 2018 by cybersecurity company Deep Instinct, which found that the botnet had anti-analysis techniques and downloader abilities. A few months later, the botnet was also observed by technology company Lumen's Black Lotus Labs. "What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host," its blog stated. "This means at any time, it could download any other type of malware the attacker desires."

     

    The Mylobot botnet has the following features:

     

    • Anti-virtual machine, sandbox, and debugging techniques

    • Wrapping internal parts with an encrypted resource file

    • Code injection

    • Process hollowing: a technique wherein an attacker removes the code of a legitimate executable and replaces it with malicious code

    • Reflective EXE: the act of executing EXE files directly from memory, without having them on disk

       

    Most notably, however, Mylobot can remain idle for 14 days to evade detection. Once this period lapses, the botnet contacts its command-and-control (C&C) center and awaits further instructions. After it receives its directives, it transforms an infected PC into a proxy. The infected machine is then able to handle various connections and relay traffic sent through the C&C server.
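The dormancy described above suggests one detection angle. The following is an added example, not code from BitSight, Deep Instinct or the original article: it flags executables whose first outbound connection comes at least 14 days after they first appeared on a host, and counts how many distinct remote endpoints they then contact. The event schema, host names, file paths and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real Mylobot data):
# (timestamp, host, event kind, executable image, remote endpoint)
SAMPLE_EVENTS = [
    ("2023-01-02T09:00:00", "ws-01", "file_create", r"C:\Users\a\AppData\Roaming\upd.exe", None),
    ("2023-01-02T09:05:00", "ws-01", "file_create", r"C:\Program Files\App\sync.exe", None),
    ("2023-01-02T09:06:00", "ws-01", "net_connect", r"C:\Program Files\App\sync.exe", "198.51.100.7:443"),
    ("2023-01-16T09:30:00", "ws-01", "net_connect", r"C:\Users\a\AppData\Roaming\upd.exe", "203.0.113.10:9999"),
    ("2023-01-16T09:31:00", "ws-01", "net_connect", r"C:\Users\a\AppData\Roaming\upd.exe", "203.0.113.44:80"),
    ("2023-01-16T09:32:00", "ws-01", "net_connect", r"C:\Users\a\AppData\Roaming\upd.exe", "192.0.2.5:25"),
]

def find_dormant_then_active(events, min_idle_days=14):
    """Return executables that stayed silent for min_idle_days after first
    being written to disk and only then opened network connections."""
    min_idle = timedelta(days=min_idle_days)
    first_seen, first_conn, remotes = {}, {}, {}
    # Sort on the ISO timestamp only; uniform ISO strings order chronologically.
    for ts, host, kind, image, remote in sorted(events, key=lambda e: e[0]):
        key = (host, image.lower())          # Windows paths are case-insensitive
        when = datetime.fromisoformat(ts)
        if kind == "file_create":
            first_seen.setdefault(key, when)  # keep the earliest sighting
        elif kind == "net_connect":
            first_conn.setdefault(key, when)  # keep the earliest connection
            remotes.setdefault(key, set()).add(remote)
    findings = []
    for key, seen in first_seen.items():
        conn = first_conn.get(key)
        # Images with no recorded creation time are skipped: the idle period
        # cannot be measured without a first-seen timestamp.
        if conn is not None and conn - seen >= min_idle:
            findings.append({
                "host": key[0],
                "image": key[1],
                "idle_days": (conn - seen).days,
                "distinct_remotes": len(remotes[key]),  # proxy-like fan-out
            })
    return findings

if __name__ == "__main__":
    for finding in find_dormant_then_active(SAMPLE_EVENTS):
        print(finding)
```

A long idle period alone is not proof of infection, since rarely used legitimate tools behave the same way; treat a hit as a lead to triage together with the image path and the spread of remote endpoints.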

     

    In 2020, the Mylobot botnet was found sending extortion emails to users based on their online usage. If a user visited a pornographic website, they would later receive an email that threatens to leak their explicit video recorded through the webcam unless they pay about $2,700 in cryptocurrency.

     

    To protect your systems from botnet attacks, keep your programs updated, as this prevents botnet malware from exploiting software vulnerabilities. Also monitor your network closely for unusual activity. Finally, refrain from opening files from unknown or suspicious sources.

     

    Source: BitSight via The Hacker News

     

     
