MyloBot Botnet Spreading Rapidly Worldwide: Infecting Over 50,000 Devices Daily

2023-02-21 13:39

A sophisticated botnet known as MyloBot has compromised thousands of systems, with most of them located in India, the U.S., Indonesia, and Iran.

"What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host," Lumen's Black Lotus Labs said in November 2018.

MyloBot is known to employ a multi-stage sequence to unpack and launch the bot malware.

"When Mylobot receives an instruction from the C2, it transforms the infected computer into a proxy," BitSight said.

Subsequent iterations of the malware have leveraged a downloader that, in turn, contacts a C2 server, which responds with an encrypted message containing a link to retrieve the MyloBot payload. The evidence that MyloBot could be a part of something bigger stems from a reverse DNS lookup of one of the IP addresses associated with the botnet's C2 infrastructure has revealed ties to a domain named "Clients.bhproxies[.]com.".

The Boston-based cybersecurity company said it began sinkholing MyloBot in November 2018 and that it continues to see the botnet evolve over time.

News URL

https://thehackernews.com/2023/02/mylobot-botnet-spreading-rapidly.html

#botnet #mylobot