LatentBot
Intelligence Profile
FireEye describes this malware as a highly obfuscated bot that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless.
Using Dynamic Threat Intelligence, they have observed multiple campaigns targeting multiple industries in the United States, United Kingdom, South Korea, Brazil, United Arab Emirates, Singapore, Canada, Peru and Poland – primarily in the financial services and insurance sectors. Although the infection strategy is not new, the final payload dropped – which they named LATENTBOT – caught attention since it implements several layers of obfuscation, a unique exfiltration mechanism, and has been very successful at infecting multiple organizations.
Threat Analysis
LatentBot is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like LatentBot prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, LatentBot is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.