Mylobot Showcases the Evolution of Modern Malware


The recently discovered Mylobot combines nine sophisticated features in a single package, highlighting how advanced malware is becoming. Its stealth capabilities make it hard for security tools to detect, and its self-protection features preserve its foothold and functionality on an infected machine over time.

This combination of Mylobot features will likely appear more often in emerging malware:

  1. Anti-sandboxing features to thwart anti-virus defenses that isolate and observe suspicious software before letting it run
  2. Anti-debugging design to resist security researchers dissecting the malware to figure out how it works and where it came from
  3. Encrypted files to keep details hidden from anti-malware tools, victims, and security researchers
  4. Reflective EXE loading, which runs executables directly from memory, removing the need to store them on disk (where they could be detected)
  5. A delay mechanism that waits two weeks before making first contact with the attacker’s command and control servers, so that short-lived sandbox analysis sees no network activity
  6. Disables Windows Defender and Windows Update to avoid being removed and to keep the system from receiving new patches
  7. Modifies firewall rules to keep its Internet connectivity
  8. Actively finds and deletes other installed malware to avoid competition and conflicts
  9. Designed to give the attacker complete control of the system, allowing deployment of other payloads in the future and exfiltration of sensitive data
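Items 6 and 7 above are the ones a defender can most readily hunt for in host telemetry: a single disabled service or a single new firewall rule is routine administration, but Windows Defender, Windows Update and a fresh firewall exception all changing within a few minutes on one host is the combination worth paging on. The script below is an added example written for this post, not code from the original article or from any Mylobot analysis; it correlates those signals per host across a short time window. The log lines are constructed in a simplified "timestamp host channel event-id message" layout, and the event IDs used (System 7040 for a service start-type change, Security 4946 for a firewall rule added, Windows Defender 5001 for real-time protection disabled) are assumed to be the standard Windows values.

```python
"""Correlate Mylobot-style self-protection behaviours (Defender and Windows
Update switched off, firewall rule added) per host within a time window.
Added example for this post; log lines below are constructed, not real."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs this example keys on (assumed standard Windows values):
#   System   7040  Service Control Manager: service start type changed
#   Security 4946  Windows Firewall exception list: a rule was added
#   Defender 5001  Real-time protection is disabled
WATCHED_SERVICES = {"WinDefend", "wuauserv"}  # Windows Defender, Windows Update

# Constructed sample log: ws-12 shows the full pattern, ws-07 shows benign noise.
SAMPLE_LOG = """\
2018-06-20T10:01:05 ws-12 System 7040 The start type of the wuauserv service was changed from auto start to disabled.
2018-06-20T10:01:07 ws-12 Defender 5001 Real-time protection is disabled.
2018-06-20T10:01:09 ws-12 System 7040 The start type of the WinDefend service was changed from auto start to disabled.
2018-06-20T10:02:30 ws-12 Security 4946 A change has been made to Windows Firewall exception list. A rule was added. Rule Name: svc-update Direction: Outbound
2018-06-20T11:15:00 ws-07 System 7040 The start type of the Spooler service was changed from auto start to demand start.
2018-06-21T09:00:00 ws-07 Security 4946 A change has been made to Windows Firewall exception list. A rule was added. Rule Name: Teams Direction: Inbound
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (.*)$")
SVC_RE = re.compile(r"start type of the (\S+) service was changed from .* to (.+)\.$")


def parse(log_text):
    """Yield (timestamp, host, channel, event_id, message) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crashing the hunt
        ts, host, chan, eid, msg = m.groups()
        yield datetime.fromisoformat(ts), host, chan, int(eid), msg


def classify(chan, eid, msg):
    """Map one event to a behaviour tag, or None if it is not one we track."""
    if chan == "System" and eid == 7040:
        m = SVC_RE.search(msg)
        if m and m.group(1) in WATCHED_SERVICES and m.group(2) == "disabled":
            return f"service_disabled:{m.group(1)}"
    if chan == "Defender" and eid == 5001:
        return "defender_rtp_off"
    if chan == "Security" and eid == 4946:
        return "firewall_rule_added"
    return None


def find_suspects(log_text, window=timedelta(hours=1), min_tags=3):
    """Return {host: sorted tags} for hosts with >= min_tags distinct behaviour
    tags inside any `window`-long span. Requiring several distinct tags close
    together is what separates this pattern from ordinary administration."""
    events = defaultdict(list)
    for ts, host, chan, eid, msg in parse(log_text):
        tag = classify(chan, eid, msg)
        if tag:
            events[host].append((ts, tag))
    suspects = {}
    for host, evs in events.items():
        evs.sort()  # chronological, so each window starts at a real event
        for i, (start, _) in enumerate(evs):
            tags = {t for ts, t in evs[i:] if ts - start <= window}
            if len(tags) >= min_tags:
                suspects[host] = sorted(tags)
                break
    return suspects


if __name__ == "__main__":
    for host, tags in find_suspects(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(tags)}")
```

Tune `window` and `min_tags` to your environment; the point of the example is the correlation, not the exact thresholds. A host that only disables Windows Update, or only adds a firewall rule, never trips the detection, which keeps the alert rate tolerable while still catching the bundled behaviour the post describes.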

We have seen all these capabilities in the past, but when they are woven together it becomes much more difficult to detect and eradicate infections. Expect these to become part of the basic feature set for the majority of next-generation malware packages. The battle of innovation between the attackers and defenders never ceases.

Interested in more insights, rants, industry news and experiences? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit

Written by

Cybersecurity Strategist and CISO specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security
