Bobik Malware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 13
First Seen: June 9, 2016
Last Seen: February 26, 2021
OS(es) Affected: Windows

The Bobik Malware is a potent threat that falls into the RAT (Remote Access Trojan) category. Once deployed on a targeted computer, it lets the threat actors perform numerous invasive actions, depending on their specific goals. According to the findings of cybersecurity researchers, this threat has been used in numerous attacks against targets in Ukraine and in several other countries that support Ukraine in its efforts to stop the Russian invasion. The geopolitical nature of the Bobik attack campaigns, together with certain other findings, has led the experts to attribute the threat to a lesser-known group of pro-Russian hackers named NoName057(16).

As a RAT, Bobik provides illegal access to the breached devices. In addition, the threat has spyware capabilities: it can collect various system and user data and establish keylogging routines. The hackers can use Bobik to terminate chosen processes that are currently active on the infected system, as well as to deliver additional files and threatening payloads to it. However, the NoName057(16) hackers have mostly been exploiting the Bobik Malware's botnet capabilities.

Indeed, the threat can integrate the infected systems into a botnet and use their hardware resources to launch DDoS (Distributed Denial-of-Service) attacks. The threat actors targeted the websites of entities operating in Ukraine's government, military, energy, transportation, education, banking, financial and news sectors. International companies that have expressed their support for the country, such as G4S, GKN Ltd, and Verizon, were also included in the target list. The NoName057(16) cybercriminals are also linked to DDoS attacks against entities in Poland, Lithuania, Latvia, Estonia, Finland, Norway and Denmark.

