Submit Release
News Search

There were 364 press releases posted in the last 24 hours and 401,639 in the last 365 days.

ANY.RUN Analyze New Node.js Malware with Unprecedented Capabilities

DUBAI, UNITED ARAB EMIRATES, September 27, 2023 /EINPresswire.com/ -- Researchers at ANY.RUN, an interactive sandbox for malware analysis, have discovered and analyzed a new Node.js malware called Lu0Bot.

๐”๐ง๐ข๐ช๐ฎ๐ž ๐ฆ๐š๐ฅ๐ฐ๐š๐ซ๐ž

Lu0Bot is more versatile and difficult to detect than most malware families because it targets a platform-agnostic runtime environment commonly used in modern web applications and employs multi-layer JavaScript obfuscation, combining traditional malware traits with web technologies.

While its activity level is currently low, Lu0Bot may be more prevalent than it seems, with many dormant samples awaiting commands from the command-and-control servers.

๐“๐ก๐ž ๐ค๐ž๐ฒ ๐Ÿ๐ž๐š๐ญ๐ฎ๐ซ๐ž๐ฌ

Lu0Bot is capable of stealing personal information, such as passwords and credit card numbers, and taking over control of the victim's computer. It can also be used to launch DDoS attacks. However, due to the programming language in which it is written, the range of its capabilities can be expanded significantly.

๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐ซ๐ž๐ฌ๐ฎ๐ฅ๐ญ๐ฌ

ANY.RUNโ€™s investigation into the malwareโ€™s code revealed that:

โ€ข Lu0Bot uses a Node.js interpreter that accepts encrypted JS code as input.
โ€ข It fetches system data using WMIC, including information about processes and the execution location.
โ€ข The malwareโ€™s domain is constructed from various parts, assembled into a single entity within the JS code.
โ€ข The malware copies itself to the startup folder to ensure that it remains operational after the system restarts.
โ€ข Lu0Bot's code starts with an array of encrypted strings, which are then manipulated and decrypted using a custom function that employs an alternative form of BASE64, URL encode-decode, and RC4.

Read the article to see how the ANY.RUN team successfully extracted the configuration of Lu0Bot and presented YARA, Sigma, and Suricata rules along with a comprehensive list of IOCs, which are essential for prompt detection of the malware.

Vlada Belousova
ANYRUN FZCO
2027889264
email us here
Visit us on social media:
Twitter
YouTube

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

You just read:

ANY.RUN Analyze New Node.js Malware with Unprecedented Capabilities

Distribution channels: Business & Economy, Companies, Electronics Industry, IT Industry, Technology


EIN Presswire's priority is author transparency. We do our best to weed out false and misleading content. The content above is the sole responsibility of the author who makes it available. If you have any complaints, kindly contact the author above.

We use cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use. Learn more