A new malware campaign is roping systems into a botnet and providing the attackers with complete control over infected victims, plus the ability to deliver additional payloads, putting the victims' devices at risk of Trojans, keyloggers, DDoS attacks and other malicious schemes.
The malware comes equipped with three different layers of evasion techniques, which the researchers at Deep Instinct[1] who uncovered it describe as complex, rare and "never seen in the wild before".
Dubbed Mylobot after a researcher's pet dog, the malware's origins and delivery method are currently unknown, but it appears to have a connection to Locky ransomware[2] -- one of the most prolific forms of malware[3] last year.
The sophisticated nature of the botnet[4] suggests that those behind it aren't amateurs, with Mylobot incorporating various techniques to avoid detection.
They include anti-sandboxing, anti-debugging, encrypted files and reflective EXE, which is the ability to execute EXE files directly from memory without having them on the disk. The technique is uncommon, having only been uncovered in 2016[5], and it makes the malware even harder to detect and trace.
On top of this, Mylobot incorporates a delaying mechanism which waits for two weeks before making contact with the attacker's command and control servers -- another means of avoiding detection.
"The reason to do 14 days of sleep is to avoid any network and malicious activity, thus bypassing cyber security solutions like endpoint detection and response, threat hunting and sandboxing," Tom Nipravsky, Deep Instinct security researcher, told ZDNet.
Once installed on a system