Latentbot: the next step in the evolution of Stealthy Backdoors

FireEye's Dynamic Threat Intelligence (DTI) has detected a new stealthy bot named Latentbot, which manages to stay hidden on infected systems.


Security researchers say that Latentbot has infected computers in countries such as the United States, the United Kingdom, South Korea, Singapore, Canada, Peru, Poland, Brazil, and the United Arab Emirates.

The campaign has no specific target, although LATENTBOT has been active on computers in different industry sectors.

Most of the time, victims receive the LATENTBOT-infected files via spam e-mails. The infected attachments infect the user's computer with malware, which then secretly installs the LuminosityLink RAT (Remote Access Trojan) on unsecured computers.

If certain conditions are met, a C&C server tells the RAT to install LATENTBOT. Unlike previous bots, this threat does not run on all systems and seems to stay away from older versions of Windows (such as Windows Vista or Windows Server 2008).

The LATENTBOT installation process is fairly complex and was deliberately designed to stay out of sight: it passes through six different stages, mainly to hide its real actions from reverse engineering.

The bot uses multiple layers of code obfuscation, removes data from the computer's memory as soon as it is no longer needed, and hides applications on a different desktop.

Additionally, LATENTBOT was built using a modular structure, meaning it can upgrade itself with new features. Some of these include the ability to work as ransomware by locking the user's desktop, dropping Pony malware on the victim's computer to steal password information, and even corrupting the Master Boot Record, effectively destroying the computer's hard drive.

The first signs of cyber-attacks with LATENTBOT were detected in mid-2013. "It has managed to leave almost no trace on the Internet," say FireEye researchers.

After its discovery, antivirus products made sure they can detect it. It is detected as a generic trojan rather than as a specific malware family, so it is good practice to regularly update the antivirus programs installed on your machines.


Written by Dimitris
