Although the virus dubbed Latentbot has been on the loose since 2013, it wasn’t discovered until recently. Read the description below and follow the removal steps.
Latentbot is a highly covert backdoor infection sustaining the operation of an expansive botnet whose existence and features were recently unveiled by security experts. This threat stands out from the crowd due to one peculiar fact: it took the antimalware industry over two years to spot its traces, which is an eternity as far as things like incident response are concerned. The reason the virus has managed to stay undetected for so long is the multiple layers of obfuscation it leverages. The code is isolated to the infected computer’s memory only, staying there for brief time spans so that AV suites get little chance to identify it. Latentbot was found to be mainly after people’s identity details and financial data, including e-banking access credentials. However, it also has a tangible destructive capability and can wipe one’s Master Boot Record information, making the OS inoperable.
One might presume a malicious sample as stealthy as that would be delivered to machines in a totally arcane fashion. As it turns out, the delivery is quite ordinary: the payload spreads with attachments to email messages. It’s typically a file resembling a Word document that causes the trouble. As soon as a gullible user opens it, a built-in exploit executes the code on the machine within a split second. Latentbot is also quite selective about the operating system and geolocation criteria. In particular, it doesn’t target Windows Vista and Windows Server 2008 platforms. Ultimately, the backdoor contaminates the workstations and networks that its creators can benefit the most from.
Further investigation of this malware reveals a few more interesting characteristics. Once installed, it connects to the C&C server and downloads another dangerous entity known as the LuminosityLink RAT (remote administration tool), which in turn allows the attackers to monitor the user’s activity. Latentbot also works in cahoots with the Pony Loader virus, which checks the compromised computer for Bitcoin wallets. Whichever way you slice it, the backdoor is extremely harmful and should be removed along with all of its accomplices. Be advised that some security solutions cannot detect it at this point, so get your PC scanned for Latentbot with software that can.
Automated removal of Latentbot virus
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for backdoors and other types of malicious software by clicking the Start Computer Scan button.
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.