Cyber Criminals Employing New Method to Replicate and Distribute Betabot Malware

Media Division | February 27, 2017

Malware comes in a wide variety of types, and attackers continue to adapt and create new ones to serve various malicious purposes. One type that is quite old but still frequently employed is Betabot. Its purpose is to hijack computer systems and recruit them into botnets. It has been employed in many different incidents, including for stealing passwords and banking data, and it has recently been found in use in ransomware campaigns.

Betabot can be very appealing to cyber attackers because of its ease of use and results. But Betabot does not come free: the creators charge for the Betabot builder, and it is not exactly cheap. This has led many attackers to use a cracked version of the builder to produce Betabot copies without paying for it. Ironically, the creators of the malware builder had implemented a series of anti-piracy measures to prevent it from being cracked. For instance, they made the process of encrypting the configuration data more complex by storing the information within the bot itself when the payload is generated. This method makes it troublesome for antivirus and other security software to unpack the data, but it also makes it more difficult for other cyber criminals to encode their own version of the configuration data.

The Prominence of Betabot

The appeal of Betabot to cyber attackers is its easy-to-use command and control (CnC) server interface. Criminals favor being able to jump right into using Betabot, as opposed to needing to create their own botnet framework. Whether they lack the technical ability or simply the desire to build one, it tends to be easier for them to employ the Betabot builder, or the cracked version of it, to launch a malware campaign.

The prominence of Betabot has fluctuated quite heavily over the years. There have been several different iterations of the malware, with upgrades or alterations meant to help it bypass antivirus and other security measures. The most prevalent version at this time is Betabot revision 1.7. Rumors of a 1.8 version have gone around the web, but the samples in question, when looked into, were simply slightly modified versions of 1.7, with no major changes to the Betabot framework.

The legitimate version of the Betabot builder typically goes for around $120 on black markets. That is apparently too high a price for many cyber criminals, who would rather use the cracked version. This situation displays an interesting factor: attackers are not only targeting the general public but are also directing their efforts toward stealing the work of fellow hackers and criminals. It goes to show that in some realms, there truly is no honor among thieves.

Defending Your Organization from Threats and Attackers

Cyber threats are more prevalent than they have ever been. With a massive number of different types of malware and other threats lurking in the cyberscape, it is critical that an organization have proper defenses and proactive security in place. Many threats are adeptly designed to evade detection by traditional reactive security methods, which is why cyber security intelligence can be of great assistance. Cyber security intelligence services can relay alerts about indicators or patterns of threats lurking in hidden parts of the web, which can allow a business to defend against them before they become more prominent. Massive Alliance’s cyber security intelligence services can be a complement to your organization’s current security measures and can assist in defending valuable data and assets.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.