Skip to main content

An all-in-one botnet is on the rise, packing a scary buffet of attacks

ransomware
pwstudio/123RF

A new “complicated” botnet called MyloBot is on the rise packing the largest arsenal to date, targeting Windows-based PCs to steal data, shutting down networks, and more. Discovered by Deep Instinct, the underlying malware can evade detection, deliver numerous payloads, and even delete other malware discovered on target PCs. 

Although Deep Instinct’s report doesn’t say how PCs obtain the malware, it sits quietly on the target PC for 14 days to avoid detection locally and from network-based scanning. After that, MyloBot shuts down Windows Defender and Windows Update, blocks specific ports in the Windows firewall, and shuts down and deletes any running application listed in the “%APPDATA%” folder. 

Recommended Videos

The end result is a PC under complete control by the hacker(s), which then joins a growing network of internet-connected PCs, aka a botnet. MyloBot connects directly to the hacker’s command-and-control servers that download additional payloads depending on the current attack. Thus, MyloBot serves as a botnet-as-a-service gateway designed for any hacker with any kind of attack in exchange for the right price. 

Please enable Javascript to view this content

“This can result in the loss of a tremendous amount of data, the need to shut down computers for recovery purposes, which can lead to disasters in enterprises,” says Deep Instinct security researcher Nipravsky. “The fact that the botnet behaves as a gate for additional payloads, puts the enterprise in risk for leak of sensitive data as well, following the risk of keyloggers / banking trojans installations.” 

To avoid detection, MyloBot uses a method called code injection where hackers can inject malicious code into legitimate Windows processes to cause havoc without being detected. Another method is called process hollowing, a method of launching a Windows process in a suspended state but replacing its data stored in memory with malicious code. MyloBot can even execute code from memory so there’s no evidence of foul play on the PC’s local storage. 

Given MyloBot attempts to serve as an all-in-one botnet, it will seek out the competition on target PCs. During the installation process, it scans local folders where malware typically reside, and terminates and deletes any competing malware it finds, giving it full control of the target PC in order to grow its army of “zombie computers.” 

Nipravsky says MyloBot is powered by individuals residing on the dark web: A portion of the internet where you should never traverse. That said, this all-in-one botnet that seeks out and eliminates the competition is believed to be fueled by money, as the bigger the MyloBot botnet-as-a-service grows, the more money the hackers will stuff in their pockets. 

“The dark web plays a critical part in the spread of malware: Its rather simple accessibility of services and knowledge has made it easy for any attacker to gain much more abilities in minimum effort,” Nipravsky writes. 

Currently the malware isn’t widespread, but its command-and-control servers came online sometime around the beginning of 2016 at the very least. The author(s) behind MyloBot is/are unknown for now, but evidence leans toward a well-resourced operation powered by someone who “knows what they’re doing.” 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Here’s why some PC gamers shouldn’t install the latest Windows 11 update
Overwatch 2 running on the LG OLED 27 gaming monitor.

The latest Windows 11 update, codenamed 24H2, has been a troubled rollout for Microsoft, but one thing's been clear from the beginning: PC gamers should wait to install it. Let's add another issue to the list, shall we?

As spotted by Windows Latest, Microsoft has confirmed in an update to its Windows 11 24H2 problems page, that Windows 11 24H2 is causing issues with its Auto HDR feature. The result of the bug is that incorrect colors are being displayed or, even worse, are breaking games entirely and causing them to not be responsive.

Read more
Someone just got the Intel B570 GPU a month in advance — and it works
ASRock's Arc B570 Challenger GPU.

Although Intel's Arc B580 is already here, the B570 is only set to launch on January 16. However, a German retailer listed the card well ahead of time and, surprisingly, one B570 actually shipped to a customer. The B580 is one of the best graphics cards for budget-conscious gamers, but how will the B570 compare?

Early listings and preorders happen shockingly often. For example, yesterday we found an RTX 5090 PC priced at well over $6,000. However, those listings often don't amount to much, and the items don't ship until their designated release dates -- but not this time.

Read more
We might get a new Steam Deck next month — and Valve isn’t making it
The Steam Deck OLED on a pink background.

I expected to see some new handheld gaming PCs this year at CES, but it looks like something even more exciting is in store. AMD and Lenovo are hosting an event during the week of the show, and it'll have two special guests in attendance: Valve's Pierre-Loup Griffais and Microsoft's Jason Ronald.

I'll be attending the event on January 7, about which Sean Hollister over at The Verge initially shared out the details. There are a couple of reasons why this event could be significant. First, Valve. Since the launch of the Asus ROG Ally, there have been a handful of these types of events featuring spokespeople from AMD, Microsoft, and the company making a handheld -- Lenovo or Asus. Valve hasn't ever been in attendance, and considering Valve makes the Linux-based Steam Deck, it would be odd for the company to have a presence.

Read more