Bobik Malware
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Threat Level: 80 % (High)
Infected Computers: 13
First Seen: June 9, 2016
Last Seen: February 26, 2021
OS(es) Affected: Windows
The Bobik Malware is a potent threat that falls into the RAT (Remote Access Trojan) category. Once deployed on a targeted computer, Bobik enables the threat actors to perform numerous invasive actions, depending on their specific goals. According to cybersecurity researchers, this particular threat has been used in numerous attacks against targets in Ukraine and in several other countries that support Ukraine in its efforts to stop the Russian invasion. The geopolitical nature of the Bobik attack campaigns, together with other findings, has led researchers to attribute the threat to a lesser-known group of pro-Russian hackers named NoName057(16).
As a RAT, Bobik provides the attackers with unauthorized access to the breached devices. The threat also has spyware capabilities: it can collect various system and user data and establish keylogging routines. The hackers can use Bobik to terminate chosen processes running on the infected system, as well as to deliver additional files and malicious payloads to it. However, the NoName057(16) hackers have mostly used Bobik's botnet capabilities.
Indeed, the threat can enlist infected systems into a botnet and use their hardware resources to launch DDoS (Distributed Denial-of-Service) attacks. The threat actors have targeted the websites of entities operating in Ukraine's government, military, energy, transportation, education, banking and finance, and news sectors. International companies that have expressed support for the country, such as G4S, GKN Ltd, and Verizon, were also included in the target list. The NoName057(16) cybercriminals are also linked to DDoS attacks against entities in Poland, Lithuania, Latvia, Estonia, Finland, Norway and Denmark.