The Smoke Loader botnet, publicly available since 2011, is still active on the black market — with more than 1,500 active samples detected in the past six months. While other researchers have identified various aspects of the threat, 360 NetLab took aim at the malware’s admin panel, which offers support for multiple plugins and functions — such as FORM GRAB, BOT LIST, KEYLOGGER and more — designed to help attackers successfully infiltrate targeted devices. The flexibility of Smoke Loader remains its biggest appeal; it was among the top 10 malware threats detected by Check Point in December 2018. New Modifications for an Old Threat Smoke Loader’s continuing popularity on the black market speaks to its ongoing innovation. Originally identified as modifications to help obfuscate the loader’s command-and-control (C&C) infrastructure, the security firm suggested that these patches were actually the work of third parties looking to skip the black market fee and release their own malware strain. How Organizations Can Douse the Fire of Smoke Loader How can companies fight back against increasing Smoke Loader campaigns?