BleepingComputer reports that threat actors have updated the XLoader botnet malware to leverage probability theory in an effort to better conceal its command-and-control servers without the need to change infrastructure.
Based on Formbook, the XLoader info-stealer in version 2.3 disguised its C2 by cloaking the real domain name among 63 decoys. The newer 2.5 and 2.6 versions go further and overwrite eight of the 64 domains from the configuration list on each cycle, according to a Check Point report.

"If the real C&C domain appears in the second part of the list, it is accessed in every cycle once in approximately every 80-90 seconds. If it appears in the first part of the list, it will be overwritten by another random domain name... The eight domains that overwrite the first part of the list are chosen randomly, and the real C&C domain might be one of them. In this case, the probability that a real C&C server will be accessed in the next cycle is 7/64 or 1/8 depending on the position of the "fake c2 (2)" domain," said researchers.
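To make the quoted figures concrete from an analyst's side, here is an added Python model of the decoy-list behaviour described above. It is not code from BleepingComputer or Check Point, and the list layout it assumes (a 16-slot contact list whose first eight slots are overwritten each cycle with random picks from the 64-domain configuration, while the remaining eight stay fixed; a hard-coded "fake c2 (2)" decoy that may take one of the overwritten slots) is an assumption chosen only because it reproduces the 7/64 and 1/8 probabilities the researchers state. The practical question it answers is how many 80-90 second cycles a sandbox or network capture must cover before the real C2 is very likely to show up among the decoys.

```python
"""Model of XLoader-style decoy C2 selection (constructed example, assumed mechanics)."""
from fractions import Fraction
import random

CONFIG_SIZE = 64        # 1 real C2 + 63 decoys in the configuration list (per the report)
FIRST_PART = 8          # slots overwritten each cycle with random configuration domains (assumption)
SECOND_PART = 8         # slots that keep their configured domain every cycle (assumption)
REAL = 0                # constructed: the real C2 is configuration entry 0
CYCLE_SECONDS = 85      # midpoint of the 80-90 s cycle quoted by the researchers


def random_slots(fake_c2_2_in_first_part: bool) -> int:
    """Number of first-part slots filled by random picks; the hard-coded decoy may occupy one."""
    return FIRST_PART - 1 if fake_c2_2_in_first_part else FIRST_PART


def contact_probability(real_in_first_part: bool, fake_c2_2_in_first_part: bool) -> Fraction:
    """Exact probability that the real C2 is contacted in one cycle under the assumed model."""
    if not real_in_first_part:
        return Fraction(1)          # fixed second part: accessed every cycle
    # Real C2 only appears when it is among the k random picks from the 64-entry configuration.
    return Fraction(random_slots(fake_c2_2_in_first_part), CONFIG_SIZE)


def simulate_cycle(rng: random.Random, real_in_first_part: bool, fake_c2_2_in_first_part: bool) -> bool:
    """One contact cycle: build the 16-slot list and report whether the real C2 is in it."""
    config = list(range(CONFIG_SIZE))
    # The fixed second part either contains the real C2 (entries 0-7) or excludes it (entries 8-15).
    fixed_second = config[FIRST_PART:FIRST_PART + SECOND_PART] if real_in_first_part else config[:SECOND_PART]
    picks = rng.sample(config, random_slots(fake_c2_2_in_first_part))
    contact_list = picks + fixed_second
    return REAL in contact_list


def estimate_probability(trials: int, real_in_first_part: bool, fake_c2_2_in_first_part: bool, seed: int = 1) -> float:
    """Monte Carlo check of contact_probability()."""
    rng = random.Random(seed)
    hits = sum(simulate_cycle(rng, real_in_first_part, fake_c2_2_in_first_part) for _ in range(trials))
    return hits / trials


def cycles_for_confidence(p: Fraction, confidence: Fraction) -> int:
    """Smallest number of cycles n with 1 - (1 - p)^n >= confidence, computed exactly."""
    if p >= 1:
        return 1
    n, miss = 0, Fraction(1)
    while miss > 1 - confidence:
        miss *= 1 - p
        n += 1
    return n


def observation_window_seconds(p: Fraction, confidence: Fraction) -> int:
    """How long to watch a host before the real C2 has appeared with the given confidence."""
    return cycles_for_confidence(p, confidence) * CYCLE_SECONDS


if __name__ == "__main__":
    for real_first, fake_first in [(False, False), (True, False), (True, True)]:
        p = contact_probability(real_first, fake_first)
        print(f"real in first part={real_first}, fake c2 (2) in first part={fake_first}: "
              f"p={p}, 95% window ~{observation_window_seconds(p, Fraction(19, 20)) // 60} min")
```

Under these assumptions, a single cycle reveals the real C2 only one time in eight at best when it sits in the overwritten part, so a short sandbox run that records one or two beacons will usually capture decoys only; roughly 23 to 26 cycles (about half an hour) are needed for 95% confidence, and the domains seen most consistently across cycles are the candidates worth investigating.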
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, DoD Alphabet soup, Sirius XM, Pixel Tracking, TSA, Single Sign-on rants, and more on the Security Weekly News!
Novel DuckLogs malware-as-a-service detailed

More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer.