| Field | Value |
|---|---|
| Name | Lokibot |
| Additional Names | TSPY_MYLOBOT.A |
| Type of Malware | Botnet |
| Date of Initial Activity | 2017 |
| Motivation | Stolen banking information, passwords, identity theft, victim's computer added to a botnet. |
| Attack Vectors | Infected email attachments, malicious online advertisements, social engineering, software cracks. |
| Targeted System | Windows |
| Associated Groups | APT28 |
Overview
Mylobot is a sophisticated botnet that was first detected in 2017 and is equipped with complex evasion techniques, including anti-VM, anti-sandbox, and anti-debugging checks. The botnet allows an attacker to take complete control of the user's system and to download any additional payload from its C&C server.
Targets
Ordinary end users.
Tools/ Techniques Used
MyloBot is a high-risk trojan-type virus that allows cyber criminals to control the infected machine. MyloBot is classified as a botnet because all infected computers are connected to a single network under the operators' control.
Immediately after infiltration, MyloBot scans the "Application Data" folder to check whether other malware has been installed and is running. If any is found, that competing malware is immediately terminated and its files deleted.
MyloBot most likely does this to eliminate competition: multiple infections on one machine might interfere with each other and degrade the behavior and efficiency of the intruding software, leading to unreliable or unexpected results. The criminals therefore aim to control the computer exclusively.
As mentioned above, the presence of MyloBot can lead to a variety of problems, depending on how its operators choose to use it. Cyber criminals generate revenue by selling traffic: the entire botnet (all infected machines) can be directed to make arbitrary connections. For example, criminals can inflate website traffic by forcing infected computers to visit certain URLs. The botnet can also be used to perform DDoS attacks.
Infected computers can be put to many such unwanted uses.
Impact / Significant Attacks
In 2022, the MyloBot botnet was used to deploy malicious payloads that send extortion emails, demanding that victims pay $2,732 in bitcoin. BitSight reported seeing more than 50,000 unique infected systems every day in 2023, down from a high of 250,000 unique hosts in 2020.