Latentbot: the next step in the evolution of Stealthy Backdoors

FireEye's Dynamic Threat Intelligence (DTI) has spotted a new invisible bot named Latentbot, which manages to stay hidden in infected systems.


Security researchers say that Latentbot has infected computers in countries such as the United States, United Kingdom, South Korea, Singapore, Canada, Peru, Poland, Brazil, and the United Arab Emirates.

This campaign has no specific goal, although LATENTBOT has been active on computers from different industry sectors.

Most of the time, users receive LATENTBOT-infected files via spam emails. Contaminated attachments infect the user's computer with malware, which then moves to secretly install LuminosityLink RAT (Remote Access Trojan) on unsecured computers.

If certain conditions are met, a C&C server tells the RAT to install LATENTBOT. Unlike previous bots, this threat does not run on all systems and seems to stay away from older versions of Windows (such as Windows Vista or Windows Server 2008).

The LATENTBOT installation process is quite complex and deliberately designed to stay in obscurity as it passes through six different stages, mainly to hide its real effects from reverse engineering.

The bot uses multiple layers of code to obfuscate itself, removes data from the computer's memory as soon as it is no longer needed, and hides applications in a different desktop.

In addition, LATENTBOT was built with a modular structure, which means it can upgrade itself with new features. Some of these include the ability to work as ransomware by locking the user's desktop, dropping Pony malware on the victim's computer to steal password information, and even targeting the Boot Record, essentially destroying the computer's hard drive.

The first signs of cyber-attacks with LATENTBOT were detected in mid-2013. "It has managed to leave almost no trace on the Internet," say FireEye researchers.

Since its discovery, antivirus companies have taken care to detect it. It is detected as a generic trojan, not as a specific malware, so it's a good idea to regularly update the antivirus programs that you've installed on your machines.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
