Cybercrime has turned into a very profitable endeavor, and it is no surprise that many cybercriminals compete with each other to extract the most profit from compromised systems. For example, many of the high-profile malware strains identified in the past few years can recognize other active threats and eradicate them from the compromised host, preventing other threat actors from interfering. This is precisely the case with the MyloBot malware, a threat that was recently discovered on the computers of a major telecommunications company. However, it is unlikely that this is the only victim of this malware strain, and it is nearly certain that MyloBot has infected many other users and computers too.
Anti-VM Features Help MyloBot Stay Under the Radar of Researchers
According to researchers, MyloBot is a very well-crafted piece of malware, and its properties show that it is the product of experienced cybercriminals. It can evade sandboxes and debugging environments, and it injects its code into legitimate processes to hide its presence. The attackers could use active MyloBot infections either to launch DDoS attacks or to deploy additional payloads to the compromised hosts.
Another interesting quirk of the MyloBot malware is that it delays all communication with the control server by 14 days – a precaution the authors likely use to hide their infrastructure from malware researchers analyzing MyloBot's activities. Despite the delayed communication, MyloBot is pre-programmed to execute several tasks as soon as it starts on an infected host:
- Disable Windows Update and Windows Defender.
- Block the Windows Firewall.
- MyloBot will check for specific files and folders used by other malware and will delete them.
- MyloBot will also scan the %APPDATA% folder for suspicious files that are likely to be linked to other malware families.
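The defence-tampering steps listed above leave traces in standard Windows event logs, and a defender can correlate them. The following is an added example (not code from the original article or from any MyloBot analysis) that flags a host when several of those signals land within a short window; the event IDs and service names are real Windows values, but the log line format and the sample records are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Real Windows event IDs: 7040 = service start type changed (System log),
# 5001 = Defender real-time protection disabled (Defender/Operational log),
# 4950 = Windows Firewall setting changed (Security log, MPSSVC auditing).
# wuauserv / WinDefend / MpsSvc are the real service names for Windows Update,
# Windows Defender and the Windows Firewall.
TAMPER_SIGNALS = {
    ("7040", "wuauserv"): "windows_update_service_disabled",
    ("7040", "WinDefend"): "defender_service_disabled",
    ("7040", "MpsSvc"): "firewall_service_disabled",
    ("5001", "-"): "defender_realtime_off",
    ("4950", "-"): "firewall_setting_changed",
}

def parse_event(line):
    """Constructed line format: '<ISO timestamp> <host> <event id> <detail>'."""
    ts, host, event_id, detail = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, event_id, detail

def detect_tampering(lines, window_minutes=10, min_signals=3):
    """Return {host: sorted signal names} for every host on which at least
    `min_signals` distinct tamper signals occur within `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    per_host = defaultdict(list)
    for line in lines:
        ts, host, event_id, detail = parse_event(line)
        signal = TAMPER_SIGNALS.get((event_id, detail))
        if signal:
            per_host[host].append((ts, signal))
    alerts = {}
    for host, events in per_host.items():
        events.sort()  # chronological; each event opens a candidate window
        for i, (start, _) in enumerate(events):
            seen = {s for t, s in events[i:] if t - start <= window}
            if len(seen) >= min_signals:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    "2018-06-20T10:01:05 WS-01 7040 wuauserv",
    "2018-06-20T10:01:06 WS-01 5001 -",
    "2018-06-20T10:01:09 WS-01 4950 -",
    "2018-06-20T11:30:00 WS-02 4950 -",         # lone firewall change
    "2018-06-20T09:00:00 WS-03 7040 WinDefend",
    "2018-06-20T15:00:00 WS-03 5001 -",         # hours apart: no alert
]

if __name__ == "__main__":
    for host, signals in detect_tampering(SAMPLE_LOG).items():
        print(host, signals)
```

A real 7040 record also carries the new start type, so a production rule should additionally require the target state to be "disabled" rather than matching on the service name alone.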
MyloBot May Be Used to Deliver High-Profile Threats
Due to MyloBot's ability to deploy secondary threats to the compromised hosts, it might be able to do immense amounts of damage. The attackers could opt to use ransomware, banking Trojans, keyloggers, and other cyber threats that would enable them to extort their victims or steal confidential data.
Securing your systems from MyloBot requires the use of a sophisticated anti-malware service, as well as applying the latest security updates to the operating systems and all software connected to the Internet.