"The Number of Devices Infected by the MyloBot Botnet Is Rapidly Increasing"
The MyloBot botnet has been in operation since 2017 and was first detailed in 2018 by the cybersecurity firm Deep Instinct. MyloBot is described as an evasive Windows botnet that employs sophisticated anti-analysis methods. The first sample of the bot consisted of three stages. Since November 2018, researchers at BitSight have been sinkholing the botnet. In 2018, the proxy sample of the botnet featured a large number of hardcoded DGA domains, allowing researchers to monitor nearly any bot. Beginning in 2020, a maximum of 250,000 unique infected machines per day were identified by researchers. Due to the absence of hardcoded DGA domains in the most recent version of the botnet, which debuted in early 2022, analysts were unable to reach an accurate estimate of the number of infected devices. The analysts then began monitoring MyloBot downloader domains to observe the progress of the botnet. They discovered a connection between the MyloBot and the residential proxy service BHProxies, which suggests that the infected machines are being used by the latter. According to researchers, the botnet is rapidly growing, noting that it has infected thousands of devices globally. This article continues to discuss the growth of the MyloBot botnet.