While the LatentBot trojan has been around since 2013, Malwarebytes researchers warn that the bot has grown rich in features and is still being actively maintained, making it a serious threat.
LatentBot is a multi-modular trojan written in Delphi. Its main executable is a persistent botnet agent that downloads additional modules and then reports its activities to a command and control server, according to a June 8 blog post.
The malware was spotted in a sample distributed by the RIG Exploit Kit. Researchers spotted the trojan fetching elements with the following names: formgrab-128521-2, Bot_Engine-641712-8, Found_Core-147200-2, send_report-325310-77, security-945874-2, remote_desktop_service-828255-2, vnc_hide_desktop-590642-47, Socks-400578-2.
The trojan has the capabilities of a typical RAT and stealer. It can also act as a keylogger and form grabber, swipe cookies, run a SOCKS proxy from the victim system, and give remote access to the attacker.
Researchers said the malware authors' obfuscation was not very sophisticated and could easily be defeated. Yet LatentBot's features and ability to easily expand make it a serious threat.