An advanced botnet called “Mylobot” has compromised tens of thousands of systems worldwide, mostly affecting systems in India, the USA, Indonesia and Iran. For those who don’t know, a botnet is a network of malware-infected computers that are controlled without the owner’s knowledge to send spam, distribute malware, and steal sensitive data.
BitSight, a cybersecurity rating company, said it currently records more than 50,000 unique systems affected by the Mylobot botnet every day. While this may have dropped from 250,000 in early 2020, BitSight believes they’ve only seen a fraction of the full botnet.
Mylobot was first documented in 2018 by cybersecurity firm Deep Instinct, which found that the botnet used anti-analysis techniques and had bootloader capabilities. A few months later the botnet was also observed by technology company Lumen's Black Lotus Labs. “What makes Mylobot dangerous is its ability to download and execute any kind of payload after it infects a host,” the researchers say in their blog post. “This means that at any time the attacker can download any other type of malware they want.”
The Mylobot botnet has the following features:
- Anti-virtual machine, anti-sandbox and anti-debugging techniques
- Wrapping of its internal components in an encrypted resource file
- Code injection
- Process hijacking (process hollowing): a technique in which the attacker removes the code of a legitimate executable's process and replaces it with malicious code
- Reflective EXE loading: executing EXE files directly from memory without writing them to disk
Most importantly, however, Mylobot can stay dormant for 14 days to avoid detection. After this time, the botnet contacts the command and control center (C&C) and waits for further instructions. After receiving the instructions, it turns the infected PC into a proxy. The affected machine can then manage various connections and relay traffic sent through the C&C server.
In 2020, the Mylobot botnet was found to send sextortion emails to users based on their internet usage. If a user had visited a pornographic site, they would later receive an email threatening to leak a video recorded through their webcam unless they paid about $2,700 in cryptocurrency.
To protect your systems against botnet attacks, keep your software up to date, as this will prevent botnet malware from exploiting known software vulnerabilities. Also, keep a close eye on your network for unusual activity, such as hosts that suddenly start relaying large numbers of connections. Finally, avoid opening files from unknown or suspicious sources.