Breaking

MyloBot Botnet Spreading Rapidly – New Insights from BitSight

A dangerous botnet known as MyloBot has compromised thousands of systems across the globe. Most of the affected machines are located in India, the U.S., Indonesia, and Iran, according to a new report from BitSight.

The botnet, which has been active since 2017, is “currently seeing more than 50,000 unique infected systems every day,” with a high of 250,000 unique hosts in 2020.

What is MyloBot Botnet?

MyloBot Botnet is a sophisticated botnet that emerged in 2017 and has compromised thousands of systems across the globe. The malware is capable of establishing a connection to a hard-coded C2 domain embedded within it and awaiting further instructions.

Its primary function is to download and execute any type of payload after infecting a host. MyloBot is also known for its anti-analysis techniques, making it challenging for security researchers to detect and analyze the malware. The botnet is actively evolving over time, and it continues to pose a significant threat to cybersecurity.

Execution of MyIoBot Samples (source: Bitsight)

How is MyloBot different from Mirai Botnet?

MyloBot and Mirai Botnet are two different types of botnets, and they differ in their architecture, methods of propagation, and purposes.

Mirai Botnet first appeared in 2016 and is known for infecting Internet of Things (IoT) devices, such as routers, cameras, and DVRs. The botnet uses default login credentials and known vulnerabilities to infect the devices, and it is often used for launching Distributed Denial of Service (DDoS) attacks. Mirai Botnet is designed to overload the target system with traffic, rendering it inaccessible.

On the other hand, MyloBot is a more sophisticated botnet that targets a broader range of devices, including desktops, laptops, and servers. MyloBot’s primary purpose is to establish a connection to a hard-coded C2 domain embedded within the malware and await further instructions. Unlike Mirai, MyloBot is not designed specifically for DDoS attacks, although it can download and execute any type of payload after infecting a host.

MyloBot also employs anti-analysis techniques, which makes it harder for security researchers to detect and analyze the malware. It sits idle for 14 days before attempting to contact the command-and-control (C2) server, sidestepping detection.

Both MyloBot and Mirai Botnet are dangerous botnets, they differ in their architecture, methods of propagation, and purposes. Mirai targets IoT devices and is often used for launching DDoS attacks, while MyloBot targets a broader range of devices and can download and execute any type of payload after infecting a host.

MyloBot Botnet’s Connections to BHProxies Uncovered

BitSight’s analysis of MyloBot’s infrastructure has uncovered connections to a residential proxy service called BHProxies. This suggests that the compromised machines are being used by the latter. The primary function of the botnet is to establish a connection to a hard-coded C2 domain embedded within the malware and await further instructions.

MyloBot Botnet’s Multi-Stage Sequence & Anti-Analysis Techniques

MyloBot was first documented by Deep Instinct in 2018. The malware employs a multi-stage sequence to unpack and launch the bot malware. It also sits idle for 14 days before attempting to contact the command-and-control (C2) server to avoid detection. Furthermore, MyloBot’s anti-analysis techniques make it challenging for security researchers to detect and analyze the malware.

Heat map of Infected Computers (source: BitSight)

MyloBot is a highly sophisticated and dangerous botnet that continues to evolve over time. Its ability to download and execute any type of payload after infecting a host makes it a significant threat to cybersecurity. BitSight’s findings highlight the need for organizations to implement robust security measures to protect against this and other types of malware.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Patch My PC: Streamlined Software Management for ConfigMgr and Intune

Patch My PC is a widely-used solution that simplifies third-party application management by automating app…

17 hours ago

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

6 days ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

4 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago