A new piece of malware with advanced capabilities, dubbed Nuke HTTP Bot, is up for sale on the dark market. The malware is authored by an allegedly Russian cyber-criminal operating under the name Gosya. The uncovered malware comes with a mini anti-virus feature termed “bot killer”, which enables it to remove all other malware from an infected machine and be the only “Ruler”.
Security researchers at Sixgill, who uncovered the “bot killer”, detailed that the Nuke HTTP Bot is loaded with the capability of injecting code into the Chrome and Firefox browsers and of bypassing UAC (User Account Control). The Bot Killer malware can infect both 32-bit and 64-bit systems and is capable of Windows Firewall execution.
Modular Approach Followed While Writing Nuke
Following in the footsteps of other malware authors, Gosya too used a modular approach while writing the Nuke HTTP Bot. Nuke’s advanced modules are not available in its base package; instead, they are sold separately at extra cost.
The modules available for the Nuke malware include a “SOCKS proxy module”, which gives it the ability to covertly transfer data online from an infected machine.
The Nuke malware is also loaded with a module dubbed “Hidden VNC module for WinXP-Win10”. According to the researchers, the module makes Nuke capable of opening a hidden remote-desktop session on an infected system.
The “Remote EXE file launcher module” included in the Nuke malware allows it to launch code and software on a system. The malware also includes a rootkit module called “Rootkit for 32-Bit and 64-Bit machines”.
The malware author Gosya claimed that the Nuke HTTP Bot is written completely from scratch, unlike malware such as Floki, which was built from the leaked source code of the infamous Zeus Trojan.
Nuke HTTP Bot claims a fairly small file size of just 83 KB uncompressed. The researchers at Sixgill asserted that the full version of the malware, including the popular endpoint protection bypass solutions and the SOCKS module, costs $4,000, which is comparatively low.