How a malicious bot tries to evade detection by morphing
2021-06-03 16:19

Targeting Windows and Linux systems, the Necro Python bot changes its code to evade traditional security detection, says Cisco Talos.

Though a bot sounds like it might be limited in intelligence and flexibility, a sophisticated bot can do a lot of damage on behalf of the attacker.

A report published Thursday by threat intelligence provider Cisco Talos looks at one bot that includes code morphing as part of its repertoire.

Beyond the morphing ability, Necro installs a user-mode rootkit to hide its malicious files, processes and registry entries.

These tactics could help Necro evade traditional and basic security protection, but Talos said that it would be caught by more modern detection tools, including Extended Detection and Response products.

"Necro Python bot shows an actor that follows the latest development in remote command execution exploits on various web applications and includes the new exploits into the bot," Talos said in its report.


News URL

https://www.techrepublic.com/article/how-a-malicious-bot-tries-to-evade-detection-by-morphing/#ftag=RSS56d97e7