A sophisticated botnet named "Mylobot" has compromised tens of thousands of systems around the world, affecting mostly those from India, the U.S., Indonesia, and Iran.
For those not in the know, a botnet is a network of computers infected with malware and controlled without the owner"s knowledge to send spam messages, distribute malware, and steal sensitive data.
BitSight, a cybersecurity ratings company, said that it is currently recording more than 50,000 unique systems infected with the Mylobot botnet every day. While this is a decrease from 250,000 during the start of 2020, BitSight believes that they are only seeing part of the full botnet.
Mylobot was first documented in 2018 by cybersecurity company Deep Instinct, which found that the botnet had anti-analysis techniques and downloader abilities. A few months later, the botnet was observed as well by technology company Lumen"s Black Lotus Labs. "What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host," its blog stated. "This means at any time, it could download any other type of malware the attacker desires."
The Mylobot botnet has the following features:
-
Anti-virtual machine, sandbox, and debugging techniques
-
Wrapping internal parts with an encrypted resource file
-
Code injection
-
Process hollowing: a security exploit wherein an attacker removes code in an executable file and replaces it with a malicious one
-
Reflective EXE: the act of executing EXE files directly from memory, without having them on disk
Most notably, however, Mylobot can remain idle for 14 days to evade detection. Once this period lapses, the botnet then contacts its command-and-control (C&C) center and awaits for further instructions. After it receives its directives, it transforms an infected PC into a proxy. The infected machine will then be able to handle various connections and relay traffic sent through the C&C server.
In 2020, the Mylobot botnet was found sending extortion emails to users based on their online usage. If a user visited a pornographic website, they would later receive an email that threatens to leak their explicit video recorded through the webcam unless they pay about $2,700 in cryptocurrency.
To protect your systems from botnet attacks, keep your programs updated as this prevents botnet malware from exploiting software vulnerabilities. Closely monitor your network as well for unusual network activity. Finally, refrain from opening files from unknown or suspicious sources.
Source: BitSight via The Hacker News