Being online just got a tad riskier, for the umpteenth time, thanks to the emergence of a nasty sounding piece of new malware that stealthily avoid detections.
Mylobot, discovered in the wild by Tom Nipravsky, a security researcher at Deep Instinct, is apparently building up a complex botnet, infecting Windows PCs and employs several measures to avoid detection.
The malware can be primed to deliver any number of different payloads, so it could install ransomware or a Trojan, pilfer data, recruit the machine to add firepower to a future DDoS attack – a whole host of unpleasant possibilities are at the malware author’s fingertips.
As for its detection evasion techniques, these include anti-sandboxing routines, disguising its inner workings via encryption, and using a reflective EXE – meaning it executes directly from memory rather than disk, making spotting it harder.
The malware lies dormant for two weeks, doing nothing and keeping a very low profile before finally searching out its command and control server. Stealth is at a premium here, for sure.
Botnet bashing
Interestingly, once active, Mylobot even searches for other botnets on the host PC, and attempts to stop their processes and remove them, effectively barging any competing malware out of the way.
It also shuts down Windows Defender and Windows Update to help make sure it can carry out its nefarious work (whatever that may be) without interruption.
All of which, in short, means this is a highly sophisticated and thus dangerous little beast.
Where did it come from? The origin of the malware remains unknown, as does the intentions of the author, but apparently there is some possible connection to Locky, a famous piece of ransomware, as well as other strains of the latter.
ZDNet reports that Nipravsky observed: “We haven't found any indication about who the author is, but based on the code, this is someone who knows what they're doing.”
Right now, the good news is that Mylobot is far from widespread, although that picture could easily change if the operation behind spreading the botnet is ramped up. And presumably that’s the eventual intention.
- Even our best laptops need good security software
