In this modern fast-paced world, more and more users are connecting to the internet, and this is also a major factor in the rise of criminal activity on the web. With the latest technology available on the market, cybercriminals are getting away easily after carrying out an attack. The elevated number of cyber crimes is a major concern that needs to be addressed in order to fend off attacks. Now, reports suggest that a new malware of such high complexity that it easily evaded security products has made its way onto Windows devices.
The malware is being called Mylobot and was first discovered by researchers at Deep Instinct. It connects a user's Windows device to a botnet, allowing the attackers to take complete control of the infected system. The malware can also deliver additional payloads, exposing the device to Trojans and keyloggers and enlisting it in large-scale DDoS attacks and other malicious activity.
Mylobot uses a number of techniques to gain control of a user's device while remaining undetected, which is quite concerning. The techniques and strategies the malware uses are as follows:
• Anti-VM techniques
• Anti-sandbox techniques
• Anti-debugging techniques
• Wrapping internal parts with an encrypted resource file
• Code injection
• Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
• Reflective EXE (executing EXE files directly from memory, without having them on disk)
• A 14-day delay before accessing its C&C servers.
Tom Nipravsky, a Deep Instinct security researcher, added: "The reason to do 14 days of sleep is to avoid any network and malicious activity, thus bypassing cybersecurity solutions like endpoint detection and response, threat hunting and sandboxing."
Once Mylobot is installed on a device, it shuts down Windows Defender and Windows Update and adds additional ports to the firewall. These measures keep the malware hidden and allow it to carry on its malicious activities.
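A defender-side check for the post-infection behaviour described above, added here as an example and not taken from the report or from Deep Instinct: a small Python rule that flags hosts whose event logs show Windows Defender stopped, Windows Update stopped and a new inbound firewall rule added within a short window. The log format and sample lines are constructed; the event IDs used are the standard Windows Service Control Manager state-change ID (7036) and the firewall rule-added ID (2004).

```python
"""Flag hosts whose logs show Defender stopped, Windows Update stopped and an
inbound firewall rule added close together in time (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in the form "<timestamp> <host> <event_id> <message>".
# 7036 = Service Control Manager state change; 2004 = firewall rule added.
SAMPLE_LOG = """\
2018-06-20T09:00:01 ws-17 7036 The Windows Defender Antivirus Service service entered the stopped state.
2018-06-20T09:00:02 ws-17 7036 The Windows Update service entered the stopped state.
2018-06-20T09:00:05 ws-17 2004 A rule has been added to the Windows Firewall exception list. Rule Name: svc Direction: Inbound Action: Allow
2018-06-20T11:30:00 ws-42 7036 The Windows Update service entered the stopped state.
2018-06-21T08:15:00 ws-42 2004 A rule has been added to the Windows Firewall exception list. Rule Name: Remote Desktop Direction: Inbound Action: Allow
"""

# Each indicator is a predicate over (event_id, message).
INDICATORS = {
    "defender_stopped": lambda eid, msg: eid == "7036" and "Windows Defender" in msg and "stopped" in msg,
    "update_stopped": lambda eid, msg: eid == "7036" and "Windows Update" in msg and "stopped" in msg,
    "inbound_rule_added": lambda eid, msg: eid == "2004" and "Direction: Inbound" in msg,
}


def parse(line):
    """Split one log line into (timestamp, host, event_id, message)."""
    ts, host, eid, msg = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, eid, msg


def suspicious_hosts(log_text, window=timedelta(minutes=10)):
    """Return hosts on which all three indicators fire within `window` of each other."""
    seen = defaultdict(dict)  # host -> indicator name -> first time it was observed
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, eid, msg = parse(line)
        for name, match in INDICATORS.items():
            if match(eid, msg):
                seen[host].setdefault(name, ts)
    flagged = []
    for host, hits in seen.items():
        # Require every indicator, and require them to cluster in time.
        if len(hits) == len(INDICATORS) and max(hits.values()) - min(hits.values()) <= window:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG))  # ['ws-17']
```

Host ws-42 is not flagged because its Windows Update stop and firewall change are hours apart and no Defender stop is logged at all, so a single stopped service on its own does not raise an alert.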
In addition, the malware seeks out and removes any previously installed malware on the machine, specifically targeting other botnets. This lets the malware remove its "competition" and ensures that the infected device is connected to a single botnet. Once the device is part of the botnet, the attackers have complete control of it and can issue further instructions to the infected device from their command center.