Cybercriminals are increasingly using Betabot infostealer malware to launch cyberattacks, according to cybersecurity analytics platform provider Cybereason.
Betabot was discovered in 2012, and it initially was used exclusively as a banking Trojan, Cybereason indicated. However, Betabot now allows cybercriminals to quickly take over a victim's machine and steal sensitive information.
Betabot exploits a vulnerability in the Equation Editor tool in Microsoft Office, Cybereason noted. This vulnerability had been present in Equation Editor since its launch in 2000, but it was only discovered by security researchers and patched by Microsoft last year.
The malware includes self-defense features designed to help it bypass detection by various security products, and these features include:
- Anti-virtual machine/sandbox.
In addition, Betabot attempts to detect 30 different security products by looking for process names, specific files, folders, registry keys and services, Cybereason noted. Betabot also has the ability to deactivate some of these security products.
How Are Cybercriminals Using Betabot?
Cybercriminals often use Betabot as part of social engineering attacks, according to Cybereason. They use phishing emails to persuade users to download and open what appear to be Word documents attached to an email, then launch Betabot attacks.
Also, cybercriminals sometimes use Betabot to remove malware and bots that are already on a victim's machine, Cybereason indicated. This enables cybercriminals to eliminate competition and gain sole access to a victim's sensitive information.
Best Practices to Minimize the Risk of Betabot Infection
Cybereason offered the following best practices to help organizations minimize the risk of Betabot infections:
- Avoid clicking links and downloading or opening attachments from unknown senders.
- Look for misspellings, typos and other suspicious content in emails and attachments and report any abnormalities to IT or information security.
- Keep your software up to date and install Microsoft security patches.
- Disable the Equation Editor feature in Office.
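One way to audit the last item above on a Windows host, as an added example that is not from Cybereason or the original article: the script reports whether the COM kill bit is set for the Equation Editor 3.0 class in both registry views, and sets it only when run elevated with `-Apply`. The CLSID and flag value are the ones Microsoft documents for disabling Equation Editor; the script layout and the `-Apply` switch are assumptions of this example.

```powershell
# Added example: audit (and optionally set) the COM kill bit for Equation Editor 3.0.
# Usage:  .\Check-EquationEditor.ps1          (report only; script name is hypothetical)
#         .\Check-EquationEditor.ps1 -Apply   (elevated; sets the kill bit where missing)
param([switch]$Apply)

$clsid   = '{0002CE02-0000-0000-C000-000000000046}'   # Equation Editor 3.0 COM class
$killBit = 0x400                                      # kill bit within "Compatibility Flags"
$name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view used by 32-bit Office on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility'
)

foreach ($root in $roots) {
    # Skip the 32-bit view on hosts that do not have one.
    if ($root -like '*Wow6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\Wow6432Node')) {
        continue
    }

    $key     = Join-Path $root $clsid
    $current = $null
    if (Test-Path $key) {
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }
    $blocked = ($null -ne $current) -and (($current -band $killBit) -eq $killBit)

    if (-not $blocked -and $Apply) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Keep any flags already present and add the kill bit.
        $current = ([int]$current) -bor $killBit
        Set-ItemProperty -Path $key -Name $name -Value $current -Type DWord
        $blocked = $true
    }

    # One result object per registry view, suitable for export or fleet reporting.
    [pscustomobject]@{
        Key     = $key
        Flags   = if ($null -ne $current) { '0x{0:X}' -f $current } else { '(not set)' }
        Blocked = $blocked
    }
}
```

A `Blocked` value of `False` in either view means Office in that view can still instantiate Equation Editor from an embedded object.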
The Cybereason security operations center (SOC) has detected multiple Betabot infections in customer environments over the past few weeks, the company said. Fortunately, organizations that understand the dangers associated with Betabot can take the necessary precautions to limit their risk of infection.