IT security researchers at the deep learning cybersecurity firm Deep Instinct have discovered sophisticated malware in the wild targeting Microsoft Windows computers.
Adding devices to a botnet
Once it infects a device, the malware lets attackers take control of it and make it part of a botnet used for malicious activities, including Distributed Denial of Service (DDoS) attacks, spreading malware and infecting the system with ransomware.
A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam messages.
Beyond that, the malware steals user data, disables the anti-virus program and removes other malware installed on the system. Deep Instinct has dubbed it MyloBot, and based on its capabilities and sophistication, the researchers say they have “never seen” such malware before.
Furthermore, once installed, MyloBot starts tampering with key features on the system: it disables Windows Updates and Windows Defender, blocks ports in Windows Firewall, and deletes applications and other malware on the system.
“This can result in loss of the tremendous amount of data, the need to shut down computers for recovery purposes, which can lead to disasters in enterprises. The fact that the botnet behaves as a gate for additional payloads, puts the enterprise in risk for the leak of sensitive data as well, following the risk of keyloggers/banking trojans installations,” researchers warned.
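The tampering described above leaves visible state on the host. The following read-only check is an added example, not code from Deep Instinct or from the article; the function name and the `$KnownBlockRule` allow-list are assumptions made for illustration, and a finding is a lead to verify rather than proof of MyloBot.

```powershell
# Added example (not from the article): read-only check of the three defenses
# the article lists. Run in an elevated PowerShell 5.1+ session on Windows 10+.
function Get-DefenseTamperFinding {
    param(
        # Assumption: display names of block rules your organization deployed on purpose.
        [string[]]$KnownBlockRule = @()
    )
    $findings = @()

    # Windows Update (wuauserv) and Defender (WinDefend) services.
    foreach ($name in 'wuauserv', 'WinDefend') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            $findings += "Service '$name' is missing"
        } elseif ($svc.StartType -eq 'Disabled') {
            $findings += "Service '$name' has start type Disabled"
        }
    }

    # Defender protection state. A third-party AV product legitimately turns
    # these off, so treat a hit as a lead to verify, not as proof.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled) { $findings += 'Defender antivirus is not enabled' }
        if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
    } catch {
        $findings += "Defender status unavailable: $($_.Exception.Message)"
    }

    # Enabled firewall block rules that are not in the known-good list.
    $rules = Get-NetFirewallRule -Enabled True -Action Block -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        if ($KnownBlockRule -contains $rule.DisplayName) { continue }
        $ports = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
        $findings += "Unlisted block rule '$($rule.DisplayName)' ($($rule.Direction), local ports: $ports)"
    }
    return $findings
}

Get-DefenseTamperFinding | ForEach-Object { Write-Warning $_ }
```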
Dark Web connection
Further analysis of the MyloBot sample reveals that the campaign is operated from the dark web, while its command and control (C&C) system is also part of other malicious campaigns.
Although it is unclear how MyloBot is being spread, researchers discovered the malware on one of their clients’ systems, where it sat idle for 14 days before accessing its command and control servers; this wait is one of its delaying mechanisms.
It is not surprising that Windows users are being targeted with MyloBot. Last week, another piece of malware called Zacinlo was caught infecting Windows 10, Windows 7 and Windows 8 PCs. Therefore, if you are a Windows user, watch out for both threats: keep your system updated, run a full anti-virus scan, refrain from visiting malicious sites and do not download files from unknown emails.
Deep Instinct has yet to publish a research paper covering MyloBot from end to end.