LiquorBot

LiquorBot Description

LiquorBot is a Trojan botnet or a network of decentralized Trojans on infected machines. As a ported version of the Mirai Botnet, it targets similar IoT or Internet-of-Things devices, including home users' routers, for mining cryptocurrency. Users should reset their devices to factory settings and employ anti-malware solutions for protecting associated PCs and hardware for any threats related to LiquorBot requiring removal.

An Old Vintage Getting Reinvigorated Twice Over

The Mirai Botnet, a notorious Internet-of-Things networking infection, is to botnets as Hidden Tear is to file-locking Trojans – a seminal ancestor of countless, free variants by numerous and unaffiliated threat actors. In 2020, honeypot servers maintained by Bitdefender caught not just one, but two versions of the Mirai Botnet's code receiving their installations together through corrupted scripts. The LiquorBot is the most notable of these threats due to being a complete port of Mirai Botnet Trojan to the Go or Golang programming language.

Due to some minor benefits over traditional C++, Golang usage is becoming more commonplace in Trojan campaigns, as seen in incidents like the attacks of Sednit, Zebrocy Go or the r2r2 worm. LiquorBot also takes advantage of a flexible structure that supports more environments than most threats, such as x86, x64, MIPS and ARM. The most vulnerable devices for LiquorBot infections are routers and IoT-compatible cameras, which are at risk from the brute-force SSH and, in rarer cases, software vulnerability tactics that the Trojan leverages.

LiquorBot uses a CPU-based method of conducting its primary purpose: mining cryptocurrency. Like the MyKings Botnet, Graboid, and other competitors in the same field, LiquorBot prefers Monero over Bitcoin, due to current market values and the low resource intensity of the associated mining functionality. Users should note that while the LiquorBot Trojan doesn't compromise any related PCs directly, malware researchers do confirm a general-purpose, file-downloading feature that could elevate the infection's danger level.

Staying on the Wagon with IoT Security

Despite the sophistication of LiquorBot's porting and updates from the old Mirai Botnet, businesses and individuals can put forth primary defenses that work well against its automated distribution model. Updating software with their latest patches will close out many of the vulnerabilities that newer versions of LiquorBot can fall back on, such as the Belkin's Wemo CVE-2019-12780 vulnerability or the nslookup-misusing CVE-2017-6884. Proper maintenance of firewall and port settings, and responsible password implementation, will counter the Trojan's brute-force techniques.

Most users shouldn't attempt detecting LiquorBot infections by eye. The victim-side Trojan includes a stage that removes file-based evidence of the intrusion, as well as Linux and macOS bash history. As a further complication, Monero mining can be a lightweight activity, and some of the usual symptoms of a mining Trojan, such as performance issues, might not be present.

Users should follow manufacturer recommendations on resetting any devices compromised by LiquorBot, and malware experts recommend fully patching and changing passwords additionally. Anti-malware tools should analyze other, vulnerable systems for possible threats related to the LiquorBot attack.

LiquorBot is a fairly sizable investment in programming time for its threat actor. However, since it's also coming to the world with another Mirai Botnet offshoot simultaneously, the criminals are hedging their bets – which can't mean anything good for the Internet-of-Things.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to LiquorBot may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to LiquorBot may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: January 13, 2020

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.