
Researchers spot stealthy LATENTBOT, undetected since 2013

Researchers at FireEye spotted a stealthy BOT dubbed “LATENTBOT” that has targeted the financial services and insurance sectors, as well as several other industries, in the U.S., U.K., South Korea, Brazil, United Arab Emirates, Singapore, Canada, Peru and Poland.

The malicious application features multiple layers of obfuscation, the ability to wipe the master boot record (MBR), a hidden VNC connection and a modular design that allows easy updates on victim machines, according to a Dec. 11 blog post. LATENTBOT can also drop the Pony malware as a module to act as an infostealer, remove decrypted strings from memory after they have been used, hide applications on a separate desktop, and shares similarities with ransomlock malware, the post said.

These features allow the BOT to monitor victims while avoiding detection and provide it with the capability to potentially corrupt a hard drive. Researchers believe the malware has been active since mid-2013. 

“Although LATENTBOT is highly obfuscated, due to the multiple process injections performed, it is noisy enough to be easily detected in memory with a proper behavior-based solution,” the post said.
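The detection angle in that quote, a single process that creates remote threads in many others, can be turned into a simple behaviour-based heuristic. The block below is an added illustration, not FireEye's detection logic and not tied to any real LATENTBOT indicator: it uses the field names of Sysmon Event ID 8 (CreateRemoteThread), but every event, path and the `LEGIT_INJECTORS` allowlist are constructed for the demo.

```python
"""Behaviour-based heuristic: flag a process that injects into many others.

Added illustrative example; not FireEye's code and not LATENTBOT-specific.
Field names follow Sysmon Event ID 8 (CreateRemoteThread), but all events
below are constructed sample telemetry, not real logs.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Mapping, Set

# Assumed allowlist of images that legitimately create remote threads
# (security products, debuggers). Placeholder, not a vetted list.
LEGIT_INJECTORS: Set[str] = {
    r"C:\Program Files\Windows Defender\MsMpEng.exe".lower(),
}

# Constructed sample telemetry modelled on Sysmon Event ID 8 records.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # One dropper fanning out into three distinct processes: the "noisy" pattern.
    {"EventID": "8", "SourceImage": r"C:\Users\u\AppData\Local\Temp\svch0st.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": "3120"},
    {"EventID": "8", "SourceImage": r"C:\Users\u\AppData\Local\Temp\svch0st.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "TargetProcessId": "1204"},
    {"EventID": "8", "SourceImage": r"C:\Users\u\AppData\Local\Temp\svch0st.exe",
     "TargetImage": r"C:\Program Files\Internet Explorer\iexplore.exe", "TargetProcessId": "4412"},
    # Same source, same target PID again: must count once, not twice.
    {"EventID": "8", "SourceImage": r"C:\Users\u\AppData\Local\Temp\svch0st.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": "3120"},
    # Allowlisted AV engine doing the same fan-out: suppressed.
    {"EventID": "8", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": "3120"},
    {"EventID": "8", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "TargetProcessId": "1204"},
    {"EventID": "8", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "TargetProcessId": "712"},
    # A single injection by an unknown binary: below the threshold on its own.
    {"EventID": "8", "SourceImage": r"C:\Tools\hook.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": "3120"},
    # Unrelated event type (process create) that the filter must ignore.
    {"EventID": "1", "SourceImage": r"C:\Users\u\AppData\Local\Temp\svch0st.exe",
     "TargetImage": "", "TargetProcessId": ""},
]


def injection_fanout(events: Iterable[Mapping[str, str]],
                     min_targets: int = 3) -> Dict[str, List[str]]:
    """Return {source_image: sorted distinct target PIDs} for every
    non-allowlisted source that created remote threads in at least
    `min_targets` distinct processes."""
    targets: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != "8":
            continue
        src = ev["SourceImage"]
        if src.lower() in LEGIT_INJECTORS:
            continue
        targets[src].add(ev["TargetProcessId"])
    return {src: sorted(pids) for src, pids in targets.items()
            if len(pids) >= min_targets}


if __name__ == "__main__":
    for src, pids in injection_fanout(SAMPLE_EVENTS).items():
        print(f"ALERT: {src} created remote threads in {len(pids)} processes: {pids}")
```

Counting distinct target PIDs rather than raw events keeps a retried injection into the same process from inflating the score, and the allowlist is where the false positives from endpoint security tools would be handled in practice; the threshold of three is an arbitrary starting point to tune against a baseline of normal hosts.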
