DarkSky has capabilities to evade cybersecurity controls. It launches cyber attacks only from real machines and can evade security controls such as sandboxes.
There is a new botnet on the web, dubbed DarkSky. It was discovered by Radware's Threat Research. DarkSky, as the cybersecurity organization writes on its blog, "features several evasion mechanisms; a malware downloader and a variety of network- and application-layer DDoS attack vectors. This bot is now available for sale for less than $20 over the Darknet". The malware runs under Windows XP/7/8/10, in both 32-bit and 64-bit versions, and has anti-virtual-machine capabilities to evade security controls such as a sandbox, thereby allowing it to infect only 'real' machines. Radware has been monitoring this malware since its early versions in May 2017. Its developers have been enhancing its functionality and released the latest version in December 2017. Its popularity and use are increasing, owing to the malware's low price and its ease of use, thanks to an intuitive control panel.
Radware: The malware is evolving; we witnessed a spike in different variants. This is suspected to be the result of an increase in sales or testing of newer versions.
DarkSky, moreover, is evolving. On New Year's Day 2018, Radware witnessed a spike in different variants of the malware. This is suspected to be the result of an increase in sales or of testing of the newer version following its launch. However, all communication requests went to the same host ("http://injbot.net/"), a strong indication of "testing" samples. The botnet spreads via traditional means of infection such as exploit kits, spear phishing and spam emails. It has three capabilities: DDoS attacks using different vectors, a downloader (especially of malware related to cryptocurrencies) and a proxy.