Also known as: FakeDGA, WillExec
Category: Malware
Type: Trojan, botnet, downloader
Platforms: Windows
Variants:
Damage potential: Botnet participation, DDoS attacks, chain infections, future payloads, data theft
Overview
MyloBot is a sophisticated trojan that can be customized based on the attacker’s intention. It can turn an infected system into a proxy, create a network of infected devices (bots), launch DDoS attacks, or install other malware such as ransomware, spyware, or banking trojans.
MyloBot stays inactive on an infected device for two weeks and only then starts communicating with its command and control server. In the meantime, it checks for other viruses and removes them to ensure the efficiency of the attack that will be launched later on. MyloBot was first spotted in 2017 and has mainly targeted Windows devices since then.
Possible symptoms
MyloBot blocks security software and firewalls to avoid detection, so you might suspect an attack if your antivirus software or firewalls are suddenly disabled.
You may also experience slowdowns or see unexpectedly high data usage and network activity. However, these are very subtle signals and might easily go unnoticed.
Sources of the infection
Cybercriminals can use phishing emails, unofficial download channels (e.g., freeware websites and peer-to-peer networks), fake software updates, and malicious websites and ads to distribute MyloBot.
Protection
Good cybersecurity practices help protect your devices from MyloBot:
- Use NordVPN to secure your online traffic.
- Be careful with emails from unknown senders — do not click on suspicious links or attachments.
- Avoid downloading files or software from unofficial sources such as freeware websites or peer-to-peer networks.
- Scan downloaded files for viruses and block malware-ridden websites and ads with NordVPN’s Threat Protection Pro™. This feature uses a built-in malware scanner to review and block malicious files before they’re downloaded to your device, safeguarding it from unwanted trouble.
- Install reputable antivirus software and keep it updated.
- Update your operating system and all other software you use.
- Enable multi-factor authentication.
- Regularly back up important data.
- Implement network segmentation.
Removal
Manually removing this trojan from an infected device might be difficult. Instead, use reliable antivirus software to detect MyloBot and remove it from your system. If the infection persists, get help from an IT professional.