Latrodectus Malware Infects More Than 44,000 IP Addresses Worldwide
- usareisende
- May 31
Network security is not just for network managers and administrators. Everyone should be fully aware of the potential attacks that could lead to stolen data and financial losses. Launching malware can be as simple as clicking and downloading an infected email attachment. Hackers are always on the lookout for their next victims, and they will take advantage of any vulnerabilities they find.

Case in point: Latrodectus, a dangerous piece of malware that specializes in stealing banking information from its targets. The malware spreads via email, and victims can lose money due to stolen banking information.
How Latrodectus Works
Latrodectus works as a downloader of other malware targeting the victim’s banking information. Once the device is infected, it communicates with a server to download that malware without being detected on the network. According to Cyber News, the malware is used to download IcedID, QakBot, and Pikabot, all known banking malware.
The dangers of Latrodectus do not stop with the infected device. Latrodectus also works across the network, meaning it infects other devices to steal banking information as well. A single click on an infected email can cause a massive malware attack.
This is not the first time Latrodectus has been detected as malware. According to Shadowserver, the malware has been in operation since 2023. Although the malware has been addressed, it continues to evolve and adapt to network security.
Among the adjustments made to Latrodectus is its ability to evade sandbox detection. A sandbox allows malware to be stopped without infecting the system: the software's actions are analyzed there before it is released as trusted software. Because malware is detected by its actions, Latrodectus evades this by delaying execution or staying dormant.
Thousands of IP Addresses Infected
The danger of Latrodectus is not only in its capacity to infect. Shadowserver’s report on the malware indicated that more than 40,000 IP addresses have been compromised. Infected IP addresses are used to connect with the server and download the banking trojan and other related malware. Affected IP addresses are from various countries worldwide, but most of them are from North and South America, Europe, India, and Australia.
In response to the reported threat, Europol-led law enforcement agencies successfully took down servers and domains, arresting 20 individuals. Because of the arrests and takedowns, the malware, according to Europol, has been “neutralized”. The IP addresses infected with malware can still pose some problems. However, malware servers have been neutralized to prevent further malware attacks.
A Constant Cat and Mouse Game
Latrodectus has been successfully neutralized through the cooperation of law enforcement agencies and security groups. However, Latrodectus has been taken down before and has evolved into something different to challenge security groups and law enforcement agencies again.
This is why security should not be the responsibility of network managers and IT experts alone. Anyone with a device connected to the internet must stay alert to the viruses they might inadvertently download. Always double-check the origin of emails and messages to protect against serious malware infections.
