'Mylobot' botnet infecting 50,000 devices per day worldwide
source link: https://www.neowin.net/news/mylobot-botnet-infecting-50000-devices-per-day-worldwide/
A sophisticated botnet named "Mylobot" has compromised tens of thousands of systems around the world, affecting mostly those from India, the U.S., Indonesia, and Iran.
For those not in the know, a botnet is a network of computers infected with malware and controlled without the owner's knowledge to send spam messages, distribute malware, and steal sensitive data.
BitSight, a cybersecurity ratings company, said that it is currently recording more than 50,000 unique systems infected with the Mylobot botnet every day. While this is a decrease from 250,000 during the start of 2020, BitSight believes that they are only seeing part of the full botnet.
Mylobot was first documented in 2018 by cybersecurity company Deep Instinct, which found that the botnet had anti-analysis techniques and downloader abilities. A few months later, the botnet was observed as well by technology company Lumen's Black Lotus Labs. "What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host," its blog stated. "This means at any time, it could download any other type of malware the attacker desires."
The Mylobot botnet has the following features:
- Anti-virtual machine, sandbox, and debugging techniques
- Wrapping internal parts with an encrypted resource file
- Code injection
- Process hollowing: a technique in which an attacker hollows out the code of a legitimate executable and replaces it with malicious code
- Reflective EXE: the act of executing EXE files directly from memory, without having them on disk
Most notably, however, Mylobot can remain idle for 14 days to evade detection. Once this period lapses, the botnet contacts its command-and-control (C&C) server and awaits further instructions. After it receives its directives, it turns the infected PC into a proxy. The infected machine is then able to handle various connections and relay traffic sent through the C&C server.
In 2020, the Mylobot botnet was found sending extortion emails to users based on their online usage. If a user visited a pornographic website, they would later receive an email that threatens to leak their explicit video recorded through the webcam unless they pay about $2,700 in cryptocurrency.
To protect your systems from botnet attacks, keep your programs updated as this prevents botnet malware from exploiting software vulnerabilities. Closely monitor your network as well for unusual network activity. Finally, refrain from opening files from unknown or suspicious sources.
Source: BitSight via The Hacker News