Once activated, malagent.autoitbot attempts to access the Gmail login page using popular browsers such as Microsoft Edge, Google Chrome, and Mozilla Firefox. However, its capabilities extend beyond email account access.
The primary objective of this bot is data theft and system manipulation. It can capture keystrokes, read clipboard contents, and even take control of keyboard and mouse inputs, enabling it to gather confidential information like usernames, passwords, and other critical data.
In addition, malagent.autoitbot can initiate reboots or shutdowns on the infected device, run processes under different user accounts, and block user input upon detection of debugging tools. This anti-analysis feature hampers the study of the malicious software and the development of protective measures, presenting a significant challenge for cybersecurity experts.
An examination of the malware conducted by SonicWall’s research team revealed that the file was heavily obfuscated and utilized multiple network libraries with obscure identifiers, making it difficult to decipher the exact actions and motives of the malicious software.
Further analysis uncovered commands within the script that directed browsers to Gmail login pages via “Accounts.google.com”. However, the malware goes beyond targeting Gmail, also including links to login pages of popular social networks, indicating a wider scope of data theft across various online services.
Of particular concern is malagent.autoitbot’s ability to quietly launch multiple processes simultaneously. For example, when launching Firefox, the malware discreetly creates a hidden page while attempting to establish a network connection. This covert behavior allows the virus to operate undetected, complicating its identification and thwarting efforts by both users and conventional antivirus solutions.
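As an added illustration, not code from the article or from SonicWall, the following heuristic runs over constructed process-creation events and flags the pattern described above: a browser started by an AutoIt-based parent, pointed at the Google account login page, or launched hidden. The event field names, the parent process names and the headless-flag check are assumptions, not indicators taken from the analysis.

```python
import re
from dataclasses import dataclass

# Constructed process-creation events (not real telemetry). Field names are
# assumptions modelled loosely on endpoint process-creation logs.
@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str

BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe"}
LOGIN_HOST = re.compile(r"accounts\.google\.com", re.IGNORECASE)
# Assumption: the AutoIt interpreter plus a constructed name standing in for
# a compiled AutoIt dropper seen in an environment; tune to local baselines.
AUTOIT_PARENTS = {"autoit3.exe", "updater_helper.exe"}
# Assumption: a "hidden page" may surface as a headless browser launch.
HIDDEN_FLAGS = ("-headless", "--headless")

def score_event(ev: ProcEvent) -> list[str]:
    """Return the reasons a browser launch looks like the described bot."""
    reasons = []
    if ev.image.lower() not in BROWSERS:
        return reasons
    if ev.parent_image.lower() in AUTOIT_PARENTS:
        reasons.append("browser spawned by AutoIt-based parent")
    if LOGIN_HOST.search(ev.command_line):
        reasons.append("launch targets Google account login page")
    if any(flag in ev.command_line.lower() for flag in HIDDEN_FLAGS):
        reasons.append("browser launched hidden/headless")
    return reasons

def find_suspicious(events, min_reasons: int = 2):
    """Keep events with at least min_reasons; a lone login URL is normal use."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            hits.append((ev, reasons))
    return hits

# Constructed sample: one benign user login, two bot-like launches, one unrelated.
SAMPLE_EVENTS = [
    ProcEvent("explorer.exe", "chrome.exe", "chrome.exe https://accounts.google.com/"),
    ProcEvent("updater_helper.exe", "firefox.exe", "firefox.exe -headless https://accounts.google.com/"),
    ProcEvent("AutoIt3.exe", "msedge.exe", "msedge.exe https://accounts.google.com/signin"),
    ProcEvent("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]
```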
Given its capabilities, malagent.autoitbot presents a significant threat to both individual users and organizations. Its capacity to pilfer credentials and manipulate system functions underscores the importance of exercising caution with files of unknown origins.