Mylobot malware with new techniques — one more threat for your device
Mylobot targets your Windows computer for DDoS, keylogger and trojan attacks
The amount of malware is constantly increasing, and it has become a kind of disaster for modern PC users. Researchers recently found a new malware variant that is a botnet. It had taken root on the systems of an unnamed client of the security company Deep Instinct.
Deep Instinct stressed that the Mylobot botnet has three layers of evasion tactics. The company also pointed out that the botnet uses command and control servers to download the final payload. Moreover, the researchers called the new malware rather sophisticated and said its evasion techniques were new to practically all of them.
Anti-VM, anti-sandbox, anti-debugging, encryption of internal components, code injection, process hollowing, Reflective EXE and a 14-day delay before it contacts the command and control servers: unfortunately, Mylobot uses all of these tactics. Process hollowing is a technique in which the attacker creates a new process in a suspended state and replaces its image with a different one that is completely disguised.
With Reflective EXE, the attacker can execute EXE files directly from memory without having to write them to disk. This is why the botnet is so difficult to track. Mylobot has one more unusual function: it removes other malware from the devices it infects. For instance, if another botnet uses a certain folder, Mylobot deletes that folder. This is done in order to take over more PCs and make more profit for the people who control the malware.
Once installed, Mylobot shuts down Windows Defender and Windows Update, terminates any EXE file running from the %APPDATA% folder, and blocks additional ports on the firewall. This can lead to significant data loss. But the main purpose of the botnet is to take root on the user's computer and gain full control over it.
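The post-install behaviour described above lends itself to a correlation check on host telemetry. The following is an added example, not code from Deep Instinct or from the original article; the event schema, field names, host names and sample events are constructed for illustration, and only the service names WinDefend and wuauserv are real Windows identifiers.

```python
from datetime import datetime, timedelta
from ntpath import normcase  # Windows path rules, works on any OS

# Constructed, normalized host events (hypothetical schema, not a real log format).
EVENTS = [
    {"host": "pc-01", "ts": "2024-01-01T10:00:05", "type": "service_stopped", "name": "WinDefend"},
    {"host": "pc-01", "ts": "2024-01-01T10:00:09", "type": "service_stopped", "name": "wuauserv"},
    {"host": "pc-01", "ts": "2024-01-01T10:00:30", "type": "process_terminated",
     "image": r"C:\Users\bob\AppData\Roaming\updater\u.exe"},
    {"host": "pc-01", "ts": "2024-01-01T10:01:10", "type": "firewall_rule_added",
     "action": "block", "port": 2900},
    {"host": "pc-02", "ts": "2024-01-01T11:00:00", "type": "service_stopped", "name": "wuauserv"},
    {"host": "pc-02", "ts": "2024-01-01T18:00:00", "type": "firewall_rule_added",
     "action": "block", "port": 445},
]

PROTECTED = {"windefend", "wuauserv"}  # Windows Defender and Windows Update services
WINDOW = timedelta(minutes=10)         # assumed correlation window

def signal(ev):
    """Map one event to the behaviour from the article it matches, or None."""
    t = ev["type"]
    if t == "service_stopped" and ev["name"].lower() in PROTECTED:
        return "stopped:" + ev["name"].lower()
    if t == "process_terminated":
        img = normcase(ev["image"])  # lowercases and unifies slashes
        if "\\appdata\\" in img and img.endswith(".exe"):
            return "appdata_exe_killed"
    if t == "firewall_rule_added" and ev["action"] == "block":
        return "fw_block_added"
    return None

def triage(events, threshold=3):
    """Return {host: signals} for hosts with >= threshold distinct signals inside WINDOW."""
    by_host = {}
    for ev in events:
        s = signal(ev)
        if s:
            by_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["ts"]), s))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {s for ts, s in hits[i:] if ts - start <= WINDOW}
            if len(seen) >= threshold and len(seen) > len(flagged.get(host, ())):
                flagged[host] = sorted(seen)
    return flagged
```

Any one of these events is common on its own (a stopped update service, a new block rule); the value lies in seeing several of them on the same host within a short window.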
Its payloads can also deliver ransomware and banking trojans. Deep Instinct is still scrutinizing Mylobot from all directions and will reveal all the information about it in the near future.