- After Virobot infects a machine, it becomes part of a spam botnet that pushes the ransomware to more victims.
- The malware was first detected on September 17 and has been targeting victims in the US.
Virobot is a newly discovered multi-purpose malware that shows how cybercriminals are diversifying their attack methods. The malware comes with ransomware, keylogger, and botnet capabilities.
According to security researchers at Trend Micro, who discovered Virobot, the malware is still under development and was first detected on September 17. Although the ransom note is written in French, Virobot has been targeting victims in the US.
After Virobot infects a machine, it becomes part of a spam botnet that pushes the ransomware to more victims. The ransomware encrypts the data on the targeted system via RSA encryption.
Meanwhile, the botnet’s keylogger feature steals victims’ logged data and sends it to the C2 server. Virobot’s botnet function uses an infected machine’s Microsoft Outlook to send spam emails to everyone on the user’s contact list.
“The ransomware needs to establish communication to its C&C server to successfully encrypt files. However, as of writing time, it is no longer able to encrypt files because Viro botnet’s C&C was taken down,” Trend Micro researchers said in a blog post.
Virobot is not the only multi-purpose malware to have cropped up recently. Earlier this month, security experts also discovered the XBash malware, which has ransomware, botnet, cryptomining and worm capabilities.
This trend of developing and deploying multi-purpose malware is blurring the lines between functionalities. It also indicates how cybercriminals are diversifying to ensure that their malicious tools can infect more victims and make more money.