NanoBot

Posted: March 23, 2020

NanoBot is a backdoor Trojan that lets attackers control your PC or collect information from it. Recent campaigns leveraging it use social engineering e-mails themed after the Coronavirus to trick users into infecting their computers. Users should inspect e-mails for possible dangers, such as mislabeled file extensions, and let their anti-malware programs delete NanoBot Trojans as soon as possible.

Diseases Evolving into Cyber-Crime

As the Coronavirus remains a top concern among countries around the world, from China to Australia to the United States, criminals are seeing opportunities for infecting desperate medical workers and virus victims. While NanoBot is a preexisting Trojan botnet (a decentralized network of Trojan-controlled, infected computers), its campaign is taking on the Coronavirus theme to good effect for its administrators. By leveraging news and instructions about the virus, the attackers are gaining access to PCs through corrupted documents, links, and other infection vectors.

NanoBot is a backdoor Trojan that operates as a general-purpose profiteer for remote attackers. It can mine for cryptocurrency, take screen captures, record the webcam and offer remote desktop control over the PC. Its current distribution still targets networks worldwide, with new lures such as e-mail attachments pretending that they're Coronavirus updates from Thailand's Establishment of National Institute of Health. In this instance, the file is a GZ archive that pretends to be a document, and it installs NanoBot after opening.

Disguising a file's real format remains a current tactic for both NanoBot and its competing alternatives, such as LokiBot, a dedicated data collector. By including format names inside of filenames, threat actors hope to trick users into opening what looks like a document or picture and may even have the appropriate icon. However, users with their operating system settings configured for showing file extensions can see the 'double' extension, such as 'example-fake-picture-bmp.exe'.
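A mail-filtering check for the two disguises described above (a document-looking name on an executable, and archive content behind a document extension), as an added example that is not part of the original article. The function names, the extension lists and the sample attachments are assumptions constructed for illustration; only 'example-fake-picture-bmp.exe' comes from the text.

```python
import re

# Well-known leading signatures; a deliberately short table for illustration.
MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip", b"MZ": "pe-executable", b"%PDF": "pdf"}
# Content each extension should carry (docx/xlsx are ZIP containers).
EXPECTED = {"gz": "gzip", "zip": "zip", "docx": "zip", "xlsx": "zip",
            "exe": "pe-executable", "pdf": "pdf"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_TYPES = {"pdf", "doc", "docx", "xls", "xlsx", "bmp", "jpg", "jpeg", "png", "txt"}


def sniff(head: bytes):
    """Return the content type implied by the leading bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def check_attachment(name: str, head: bytes):
    """Return a list of findings for one attachment name and its first bytes."""
    findings = []
    stem, _, ext = name.lower().rpartition(".")
    # Rule 1: real extension is executable, but a document/picture type is in the name.
    if ext in EXECUTABLE_EXTS and set(re.split(r"[.\-_ ]+", stem)) & DECOY_TYPES:
        findings.append("decoy-type-in-name")
    # Rule 2: recognised content does not match what the extension claims.
    kind = sniff(head)
    if kind and (ext in EXPECTED or ext in DECOY_TYPES) and EXPECTED.get(ext) != kind:
        findings.append(f"content-is-{kind}")
    return findings


if __name__ == "__main__":
    # Constructed samples: names and header bytes are made up for this example.
    samples = [
        ("example-fake-picture-bmp.exe", b"MZ\x90\x00"),
        ("health-update.pdf", b"\x1f\x8b\x08\x00"),
        ("report.pdf", b"%PDF-1.7"),
    ]
    for name, head in samples:
        print(name, check_attachment(name, head))
```

Two-byte signatures such as `MZ` can also match plain text that happens to start with those letters, so a finding from rule 2 is a reason to quarantine and scan the file, not a verdict on its own.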

The Checkup that Keeps Digital Diseases Away

NanoBot gives attackers the means of infecting networks or 'only' hijacking an individual's home PC for activities like burning out its CPU on generating Bitcoins. While its payload poses dangers both immediate and long-term for the system's privacy, safety, and hardware health, none of them are unique to it. Likewise, its Coronavirus-themed infection tactic is one that it shares with other Trojans and even RATs active in the threat landscape.

Threats similar to NanoBot that use the same COVID-19 theme include Trojans like CoronaVirus Ransomware (a file locker), the Android-based SpyMax RAT and CovidLock Ransomware, the Parallax RAT, and the Ostap Trojan downloader, among others. The targets include not just governments or media-oriented business entities but also universities and other educational institutions. In many incidents, the attack has content tailored to the organization, such as NanoBot's use of a Thai seal.

Users should always scan their downloads for threats and double-check addresses before opening links in unexpected e-mail messages.

NanoBot presents the usual problems of a Trojan network being exploited en masse: the plundering of information for sale and the abuse of hardware for repetitive criminal activities. More worrisomely, the theme of its latest attacks makes it evident that Black Hat programmers will turn anything into a profit, even a global health disaster.