Thousands of systems in the US, India, Iran, and Indonesia are affected by an active and sophisticated botnet spreading in the wild, MyloBot. Researchers have seen over 50,000 unique systems infected daily by this botnet.
Although the number of affected hosts has decreased from 250,000 in 2020 to 50,000, security experts remain concerned about this botnet continuing to propagate and infect targets.
A residential proxy service, ‘BHProxies,’ is linked to the latest activities of the MyloBot botnet.
According to the analysts, a residential proxy service called BHProxies has shown signs of connections to MyloBot’s infrastructure. This could indicate that the service has been using the compromised systems of the MyloBot botnet for a purpose that is not yet fully uncovered.
First spotted in 2017, the botnet displayed sophisticated capabilities, including anti-analysis features, functioning as a downloader, and executing additional payloads after infecting a host. MyloBot’s downloader capabilities allow it to launch further malware on an infected machine.
MyloBot can also remain silent on the infected device for at least 14 days before contacting the attacker-controlled remote C2 server, a technique it uses to evade detection. Once the botnet has established a connection to its C2 server, it waits for further instructions from its operators.
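The 14-day quiet period described above is a dwell-time behaviour a defender can hunt for in endpoint telemetry: a newly seen binary whose first outbound connection only appears weeks after it arrived. The script below is an added example, not code from the original article or from the researchers; it runs over constructed sample events (the field layout, host names and process names are assumptions) and flags processes whose first outbound connection came at least 14 days after they were first seen.

```python
from datetime import datetime, timedelta

# MyloBot's reported quiet period before first C2 contact
DORMANCY_THRESHOLD = timedelta(days=14)

# Constructed sample telemetry (not real data): one event per line,
# "ISO timestamp|host|event|process". Field layout is an assumption.
SAMPLE_EVENTS = """\
2023-01-01T10:00:00|ws-17|process_first_seen|svchost_update.exe
2023-01-16T03:12:09|ws-17|first_outbound|svchost_update.exe
2023-01-02T09:30:00|ws-42|process_first_seen|installer.exe
2023-01-02T09:31:05|ws-42|first_outbound|installer.exe
2023-01-03T08:00:00|ws-88|process_first_seen|tray_helper.exe
"""


def parse_events(text):
    """Parse pipe-separated event lines into (timestamp, host, event, process)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, event, proc = line.split("|")
        events.append((datetime.fromisoformat(ts), host, event, proc))
    return events


def find_dormant_beacons(events, threshold=DORMANCY_THRESHOLD):
    """Return sorted (host, process, delay_days) tuples for processes whose
    first outbound connection came at least `threshold` after first sighting.
    Processes with no outbound activity yet are not scored."""
    first_seen = {}
    first_out = {}
    for ts, host, event, proc in events:
        key = (host, proc)
        if event == "process_first_seen":
            first_seen[key] = min(ts, first_seen.get(key, ts))
        elif event == "first_outbound":
            first_out[key] = min(ts, first_out.get(key, ts))

    hits = []
    for key, seen in first_seen.items():
        out = first_out.get(key)
        if out is None:
            continue  # still silent: nothing to score yet
        delay = out - seen
        if delay >= threshold:
            hits.append((key[0], key[1], delay.days))
    return sorted(hits)


if __name__ == "__main__":
    for host, proc, days in find_dormant_beacons(parse_events(SAMPLE_EVENTS)):
        print(f"{host}: {proc} first beaconed {days} days after arrival")
```

On the sample data only `ws-17` is flagged: its binary waited roughly two weeks before its first outbound connection, while `ws-42` connected within a minute and `ws-88` has not connected at all. Long dwell before first beacon is a hunting heuristic rather than a verdict, so the hits are best reviewed alongside process lineage and destination reputation.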
Researchers explained that the BHProxies service came into the picture because the botnet turns the infected machine into a proxy, which handles large numbers of connections and relays traffic sent to the remote C2 server.
Furthermore, the researchers believe the botnet is tied to a broader campaign after a reverse DNS lookup on one of its C2 servers uncovered a connection to a domain named “clients.bhproxies[.]com.”
The 50,000 daily infected systems detected are presumed to be only part of the botnet’s wider infrastructure. Researchers expect that over 150,000 computers could still be infected by MyloBot over time, as its operators progressively upgrade it.