AdvisorsBot


By GoldSparrow in Trojans

AdvisorsBot is a Trojan downloader. Threats of this kind are designed to deliver other malware to the victim's computer. Malware like AdvisorsBot is the first step in a chain of infections that leads to other problems. Threats like AdvisorsBot may be used to initiate ransomware attacks or to install malware designed to collect information or to use the victim's computer to mine digital currency. Essentially, Trojan downloaders like AdvisorsBot can be used in conjunction with any number of malware attacks and are a real threat to computer users.

Why You should Avoid an AdvisorsBot Infection

Malware researchers first received reports involving AdvisorsBot in May 2018, when it was connected to a wave of corrupted email attachments used to infect computers. Criminals were sending spam email messages that used a social engineering approach: fake documents presented as coming from legitimate banking websites. The victims, believing that the attachments came from a trusted source, would open them, allowing AdvisorsBot to carry out its attack. Once the victim opens the phishing email message and allows AdvisorsBot to be executed, the threat enters the victim's computer by taking advantage of known security vulnerabilities. Threats of this kind deliver what is known as a payload, a separate malware component designed to attack the victim's computer. AdvisorsBot connects to a Command and Control server and downloads threatening software that is then installed on the victim's computer. Often, the server from which this software is downloaded is a legitimate site that the criminals have compromised in order to host and deliver harmful software. AdvisorsBot encrypts these transfers and is designed to prevent PC security analysts or security software from intercepting its communications or studying its code, which makes AdvisorsBot and similar threats more difficult than usual to deal with.

What is the Intent of the AdvisorsBot Attacks

AdvisorsBot is delivered to the victims through corrupted Microsoft Office documents or by other malware delivery methods. These Microsoft Office documents carry corrupted embedded macro scripts that allow AdvisorsBot to run in the infected computer's memory and carry out its attack. Once executed, AdvisorsBot runs in memory without dropping any files onto the victim's computer, making it more difficult to intercept. In August 2018, AdvisorsBot received renewed attention because its developers announced an important update to its attack methods: AdvisorsBot is now being delivered in a version based on PowerShell, which they have called 'PoshAdvisor.' Several new features are designed to prevent malware researchers from studying AdvisorsBot's code, including hashing and increased obfuscation. AdvisorsBot also can detect whether it is running on a virtual machine or analysis environment, to ensure that malware researchers do not isolate and study its code.
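The delivery chain described above (an Office macro launching a PowerShell-based loader that stays in memory) still leaves a process-creation trace even when no file is dropped. The following Python is an added example, not code from the original page or from any vendor: it scores constructed, Sysmon-style process-creation records (the field names ParentImage, Image, CommandLine and ProcessId are assumed) for an Office parent spawning a script host with loader-style command-line traits.

```python
import re

# Assumption: records carry Sysmon Event ID 1-style fields (Image, ParentImage, CommandLine).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Command-line traits typical of fileless loaders: hidden window, encoded payload, download-and-run.
SUSPICIOUS_FLAGS = [
    (re.compile(r"-(?:e|ec|enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-nop\b|-noprofile", re.I), "profile bypass"),
    (re.compile(r"downloadstring|downloaddata|invoke-webrequest|net\.webclient", re.I), "download cradle"),
    (re.compile(r"\biex\b|invoke-expression", re.I), "in-memory execution"),
]

def _basename(path):
    """Normalise an image path to its lower-case file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Return (score, reasons): one point per matched trait for a process-creation record."""
    reasons = []
    parent, child = _basename(event.get("ParentImage", "")), _basename(event.get("Image", ""))
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"office parent {parent} spawned {child}")
    for pattern, label in SUSPICIOUS_FLAGS:
        if pattern.search(event.get("CommandLine", "")):
            reasons.append(label)
    return len(reasons), reasons

def find_suspicious(events, threshold=2):
    """Return the records scoring at or above threshold, with their reasons."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"pid": ev.get("ProcessId"), "score": score, "reasons": reasons})
    return hits

# Constructed sample records; not real telemetry from any incident.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc <constructed-base64-blob>"},
    {"ProcessId": 4188, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"ProcessId": 4201, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
]
```

The threshold of two keeps a single trait from firing on its own; tune the trait list and threshold against your own baseline of legitimate Office-spawned processes.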

General Conclusions Regarding AdvisorsBot

AdvisorsBot is similar to many modern Trojan downloaders in wide use in 2018, including Marap, which has been associated with several attacks in the summer of 2018. Since AdvisorsBot can be paired with numerous other threats or modules, these attacks can serve a wide variety of purposes. The AdvisorsBot Trojan downloader itself also includes features that allow criminals to map a computer or network in preparation for a more thorough malware attack. Because of the way it works, AdvisorsBot may not cause initial problems on the victim's computer, and computer users may not be aware that AdvisorsBot is being used on their computers. The symptoms of these infections depend mainly on the type of malware that AdvisorsBot is being used to deliver. As with all malware, it is important to use a proper security program to prevent AdvisorsBot attacks.
