New Mylobot Malware Circulating to Infect Pcs

One fresh malware campaign has been detected amassing PCs for building a botnet while enabling total hold over the infected systems to the attackers. The campaign also serves extra payloads, making the target systems vulnerable to DDoS conditions, keyloggers, Trojans as well as other malicious attacks.

Dubbed Mylobot, the botnet utilizes 3 separate stages of bypass tactics. While playing these tactics, it interacts with command-and-control infrastructures which pull down the ultimate payload. Moreover, Mylobot utilizes more techniques for ensuring it's the only botnet infecting the devices it targets.

The complexity and combination of various tactics Mylobot employs are aimed for acquiring a foothold while stay undetected. The botnet's other malicious methods comprise anti-debugging, anti-sandbox, anti-VM, process hollowing, code injection, using resource file which has been duly encrypted to cover internal parts, and Reflective EXE. Mylobot further utilizes a delaying tactic of 14 days prior to communicating with C&C servers. The botnet's use of process hollowing lets the attacker formulate newer types of processes that remain inactive while put an image in place of the one of the process which must be concealed. Hothardware.com posted this, June 20, 2018.

When Mylobot gets planted onto a PC it disables Windows Update and Windows Defender, and as well blocks the firewall's extra ports. These the bot does for making sure there's no hindrance to its malicious operations. Moreover, Mylobot first deactivates then deletes all files with .exe extension that execute from the folder known as %APPDATA%. While the bot results in data loss, its chief work is for acquiring full hold over the victim's PC, while the system's destruction relates to the type of payload distributed during the attack.

The malware hasn't spread widely and it's yet not clear who's Mylobot's controller, what's the delivery method of the malware as well as what's the final objective of the attacker. However, based on the scheme's complexity, researchers conclude that Mylobot is not any amateur operation. Among the various tasks the bot does, disabling and deleting other malicious programs on the contaminated systems is noteworthy. It hunts to find those particular folders which other bots utilize followed with deleting the same.

» SPAMfighter News - 6/29/2018