Categories: Security Tips

Security Tips to Protect Yourself From New Mgbot Malware Variant

A new variant of MgBot malware was discovered earlier this month, that is being used by Chinese Threat actors to exploit users in Hongkong and India. First discovered on 2nd July the malware masquerades itself as an archive document from the Indian government. It carries malicious templates that can load and infect your device with the Cobalt Strike variant.

Post this, the malware drops, injects, and executes MgBot by exploiting the Windows Application Management services. As per the research reports of MalwareBytes, it was also found delivering the same payload in the form of an archive file containing a statement from Boris Johnson, the British PM about HongKong.

A security researcher at Malwarebytes also stated that a Chinese state-sponsored actor is behind all this and represents the ongoing tension of China with India and Hongkong.

How Does the Attack Take Place?

  • Firstly, a variant of Cobalt Strike is spread via phishing emails and aims at exploiting the dynamic data exchange protocol for executing the infected codes.
  • Secondly, the final payload is injected which continues to use specific codes and templates to inject the malware.
  • Thirdly, MgBot fetches and executes the final payload.
  • The MgBot malware is dropped in the form of DLL and gets executed with the “net start AppMgmt” command.
  • Apart from this, a cmd file is also created, which executes the payload and also gets rid of any traces of the cmd and loader file from the victim’s device.

It is also found that the malware contains RAT Trojan capabilities and uses it for taking screenshots, logging keystrokes, creating mutexes, manipulating processes along with various files and folders, and much more. It is also discovered that the criminals are deploying multiple IP addresses to host C&C servers and payloads. Most of the servers used are loaded in Hongkong.

Security researchers also believe that MgBot is executed by Chinese threat actors who also carried Rancor, APT40, and KeyBoy attacks.

How to Protect Yourself From New Mgbot Malware Variant?

Security procedures are a must to fight malicious malware like MgBot.

  • Regularly update your device programs, equipment, and applications to patch all security loopholes and voids.
  • Use a powerful antivirus program with enhanced in-built scanning capabilities.
  • Avoid accessing email attachments and links whose origin is not known to you.
  • Use an Ad-blocker tool to block annoying and infected ads.
  • Only use Google Play store and other official websites for downloading various applications and programs.
  • Get rid of old and obsolete applications that are no longer in use.
  • Take regular backups to avoid any data losses.

Ward-off malicious malware like MgBot by following basic hygiene rules.

Adrian

Recent Posts

Block Spotify Ads: Is it Worth and Legal? Useful Tips

As a Spotify Free user, you might feel like you want to block Spotify ads. This could be because they…

1 year ago

Hacked Spotify Account? Tips to Regain Access

As it is one of the most popular digital music, podcast, and video services, a hacked Spotify account may be…

1 year ago

Learn about Cracking. Essential Security Tips to Keep It Away

You may, or may not have heard about cracking. Either way, you should be aware of this threat, and learn…

1 year ago

What Is Victim Fraud Shame? Useful Tips to Fight Against It

Victim fraud shame is a very dangerous thing that may happen to those who become online victims. Some of them…

1 year ago

Five Steps to Stay Safe Online. Essential Security Tips

We assume that everybody wants to stay safe online. For this, some simple, still very important rules should be followed.…

1 year ago

How to Report Cybercrime? Become a Security Hero

Have you ever thought about how you could report Cybercrime? Maybe you or one of your friends became the victim…

1 year ago