Mylobot Botnet Now Exfiltrates Data Using Second Stage Khalesi Trojan

The very dangerous Mylobot botnet known for acting as a gateway for second stage malware payloads has been detected by CenturyLink while downloading the Khalesi data-stealing Trojan on compromised machines.

"What makes Mylobot so dangerous is its ability to download and execute any other type of payload the attacker wants, and we now have evidence one of those payloads is Khalesi," stated Mike Benjamin, CenturyLink's Head of Threat Research Labs.

According to CenturyLink Threat Research Labs' analysis, roughly 18,000 different IP addresses were observed while communicating with Mylobot command-and-control (C&C) servers, with most of them coming from Iraq, Iran, Argentina, Russia, Vietnam, China, India, Saudi Arabia, Chile, and Egypt. 

Enterprises can detect Mylobot "through the up to 60,000 domain name system (DNS) queries infected hosts perform while attempting to contact" C&C... (read more)

No comments:

Post a Comment