Researchers Have Found New MikuBot Malware
Industry: N/A | Level: Tactical | Source: Cyble
Researchers from Cyble have discovered a new malware named MikuBot, available for purchase on cyber-crime forums. Cyble described the malware's capabilities as "a malicious bot that steals sensitive data and launches hidden VNC sessions that allow the TA (Threat Actor) to access the victim’s machine remotely, spread through USB, and download and execute other malware." The malware targets Windows Vista through Windows 11 and is standalone, so it requires no dependencies to execute. When executed, the malware establishes persistence with a scheduled task that runs every 10 minutes, and it creates an internet shortcut file in the startup folder to enable auto-launch after system restarts. Encoded PowerShell commands then modify settings in Windows Defender, and a PowerShell query gathers system information to send to the attacker. A user interface is provided to the attacker to help manage deployed MikuBots. The malware offers a low bar for entry to beginner-level threat actors at an initial price of $1300 for 1.5 months of access.
- Persistence with Encoded PowerShell to Tamper with Windows Def
Anvilogic Use Cases:
- Create/Modify Schtasks
- Symbolic OR Hard File Link Created
- Encoded Powershell Command
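
The behaviours described above (a scheduled task on a minute interval, an internet shortcut in the startup folder, and encoded PowerShell that changes Windows Defender settings) can be checked against endpoint telemetry as follows. This is an added example, not code from Cyble or Anvilogic; the event schema, the field names, the choice of `Set-MpPreference`/`Add-MpPreference` as the Defender cmdlets to look for, and all sample events are assumptions constructed for illustration.

```python
import base64
import re

# Cmdlets that change Defender settings. The page does not name the ones
# MikuBot uses, so this list is an assumption.
DEFENDER_CMDLETS = re.compile(r"\b(?:Set|Add)-MpPreference\b", re.I)
STARTUP_URL = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.url$", re.I)
MINUTE_TASK = re.compile(r"/create\b.*/sc\s+minute\b", re.I)


def decode_encoded_command(cmdline):
    """Return the script behind a PowerShell -EncodedCommand argument, or None."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag.lstrip("-/").lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if flag[0] in "-/" and name and (name == "ec" or "encodedcommand".startswith(name)):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # not base64, or not UTF-16LE text
                return None
    return None


def classify(event):
    """Map one event (hypothetical schema) to the behaviours in the write-up."""
    hits = []
    if event["type"] == "file" and STARTUP_URL.search(event["path"]):
        hits.append("internet shortcut in Startup folder")
    if event["type"] == "process":
        image, cmdline = event["image"].lower(), event["cmdline"]
        if image.endswith("schtasks.exe") and MINUTE_TASK.search(cmdline):
            hits.append("scheduled task on a minute interval")
        if image.endswith(("powershell.exe", "pwsh.exe")):
            script = decode_encoded_command(cmdline)
            if script is not None:
                hits.append("encoded PowerShell command")
                if DEFENDER_CMDLETS.search(script):
                    hits.append("Defender settings changed")
    return hits


# Constructed sample events; none of these values come from the Cyble report.
_B64 = base64.b64encode("Set-MpPreference <constructed arguments>".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r"schtasks /create /tn ExampleTask /sc minute /mo 10 /tr C:\Users\Public\example.exe"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -enc " + _B64},
    {"type": "file", "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.url"},
]
```

Decoding the argument before matching matters because the Defender cmdlet name never appears in the raw command line; a plain string match on the process event would only see the base64 text.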