Researchers spot stealthy LATENTBOT, undetected since 2013

December 14, 2015

Researchers at FireEye spotted a stealthy bot dubbed “LATENTBOT” that has targeted the financial services and insurance sectors as well as several other industries in the U.S., U.K., South Korea, Brazil, United Arab Emirates, Singapore, Canada, Peru and Poland.

The malicious application features multiple layers of obfuscation, MBR wiping ability, a hidden VNC connection and a modular design that allows easy updates on victim machines, according to a Dec. 11 blog post. LATENTBOT can also drop Pony malware as a module to act as an infostealer, remove decrypted strings from memory after they are used, and hide applications in a different desktop, and it has similarities to ransomlock, the post said.
