According to BitSight’s latest research, MyloBot, a highly advanced botnet, has infiltrated numerous computer systems across the globe, with the majority of the affected machines located in India, the U.S., Indonesia, and Iran. The report notes that the botnet is currently infecting over 50,000 distinct systems every day, a significant decline from its 2020 peak of 250,000.
Additionally, analysis of MyloBot’s infrastructure reveals a connection to BHProxies, a residential proxy service, suggesting that BHProxies is making use of the compromised machines. Deep Instinct first classified MyloBot in 2018, highlighting its anti-analysis techniques and its capacity to operate as a downloader; the malware first appeared on the threat landscape in 2017.
In November 2018, Lumen’s Black Lotus Labs stated that MyloBot’s danger lies in its ability to infect a host and then download and execute any type of payload. This means that the attacker could deliver any other form of malware at any time.
Last year, the malware sent extortion emails requesting over $2,700 in Bitcoin from hacked endpoints as part of a financially motivated campaign.
MyloBot unpacks and launches the bot malware in a multi-stage sequence. It then remains inactive for 14 days before attempting to communicate with the command-and-control (C2) server, a delay intended to evade detection.
The botnet’s primary objective is to establish a connection to a hard-coded C2 domain embedded in the malware and await further instructions.
As per BitSight, MyloBot transforms an infected computer into a proxy when it receives a directive from the C2. The infected machine can handle multiple connections and relay traffic sent through the command-and-control server.
Later versions of the malware use a downloader that contacts a C2 server, which responds with an encrypted message containing a link from which the MyloBot payload is retrieved.
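The two behaviours the report describes, a long dormancy before the first C2 contact and an infected workstation relaying traffic for external peers, both leave traces in ordinary endpoint and flow telemetry. The following script is an added example written for this page; it is not code from BitSight or from the MyloBot analysis. All event and flow records are constructed sample data, the thresholds (14-day delay, three inbound peers, 25% byte imbalance) are assumptions a hunt team would tune, and the hostnames, addresses and domains are placeholders from the documentation ranges.

```python
"""Hunting heuristics for the MyloBot behaviours described above:
(1) a newly seen binary that stays silent for about 14 days before its first
outbound contact, and (2) a workstation that starts relaying traffic for many
external peers (proxy behaviour). All telemetry here is constructed sample data."""
from collections import defaultdict
from datetime import datetime

# Constructed endpoint events: (timestamp, host, event_type, process, detail).
# event_type is "process_first_seen" or "net_out" (an outbound DNS query or
# connection made by that process, with its destination in detail).
EVENTS = [
    ("2023-01-01T10:00:00", "ws-17", "process_first_seen", "svc_update.exe", ""),
    ("2023-01-01T10:00:05", "ws-17", "net_out", "browser.exe", "cdn.example.invalid"),
    ("2023-01-15T10:30:00", "ws-17", "net_out", "svc_update.exe", "c2.example.invalid"),
    ("2023-01-03T09:00:00", "ws-22", "process_first_seen", "installer.exe", ""),
    ("2023-01-03T09:00:02", "ws-22", "net_out", "installer.exe", "update.example.invalid"),
]

# Constructed flow records: (host, direction, peer_address, bytes).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real peers.
FLOWS = [
    ("ws-17", "in", "203.0.113.5", 4200),
    ("ws-17", "out", "198.51.100.20", 4100),
    ("ws-17", "in", "203.0.113.9", 1800),
    ("ws-17", "out", "198.51.100.31", 1750),
    ("ws-17", "in", "203.0.113.14", 900),
    ("ws-17", "out", "198.51.100.8", 880),
    ("ws-17", "in", "203.0.113.22", 3300),
    ("ws-17", "out", "198.51.100.77", 3250),
    ("ws-22", "out", "198.51.100.20", 5000),
    ("ws-22", "out", "198.51.100.31", 1200),
]


def _ts(value):
    return datetime.fromisoformat(value)


def find_delayed_beacons(events, min_delay_days=14):
    """Return (host, process, delay_days, destination) for every process whose
    first outbound contact came at least min_delay_days after it was first seen.
    Legitimate software usually phones home within minutes of appearing; a
    two-week silence followed by a first DNS lookup is worth a look."""
    first_seen = {}
    first_out = {}
    for ts, host, etype, proc, detail in sorted(events, key=lambda e: e[0]):
        key = (host, proc)
        if etype == "process_first_seen":
            first_seen.setdefault(key, _ts(ts))
        elif etype == "net_out" and key not in first_out:
            first_out[key] = (_ts(ts), detail)
    hits = []
    for key, (out_ts, dest) in first_out.items():
        if key not in first_seen:
            continue  # no install time known; cannot measure dormancy
        delay = (out_ts - first_seen[key]).days
        if delay >= min_delay_days:
            hits.append((key[0], key[1], delay, dest))
    return sorted(hits)


def find_proxy_like_hosts(flows, min_inbound_peers=3, balance_tolerance=0.25):
    """Return (host, inbound_peer_count, bytes_in, bytes_out) for hosts that
    accept connections from several distinct external peers and push a
    comparable byte volume back out. A client workstation rarely does either;
    a machine relaying traffic for a proxy service does both."""
    inbound_peers = defaultdict(set)
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for host, direction, peer, nbytes in flows:
        if direction == "in":
            inbound_peers[host].add(peer)
            bytes_in[host] += nbytes
        else:
            bytes_out[host] += nbytes
    hits = []
    for host, peers in inbound_peers.items():
        if len(peers) < min_inbound_peers:
            continue
        total = bytes_in[host] + bytes_out[host]
        if total == 0:
            continue
        imbalance = abs(bytes_in[host] - bytes_out[host]) / total
        if imbalance <= balance_tolerance:
            hits.append((host, len(peers), bytes_in[host], bytes_out[host]))
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_delayed_beacons(EVENTS):
        print("delayed first contact:", hit)
    for hit in find_proxy_like_hosts(FLOWS):
        print("proxy-like relay host:", hit)
```

Both heuristics are deliberately coarse: the dormancy check only works where the telemetry records when a binary first appeared, and the relay check will also flag legitimate servers, so in practice it is scoped to hosts that should never accept inbound connections from outside the network.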