BokBot, also known as IcedID or Anubis, is a type of malware first discovered by X-Force in September 2017. It is a banking trojan that has been widely used in cybercrime operations to steal sensitive information, such as banking credentials, from infected computers. The malware infects systems through suspicious downloads, emails, or websites and can disrupt operations or even hold data hostage for ransom. Notably, BokBot was distributed via an .msi file in an IcedID infection event reported by Unit42_Intel in November. More recently, BokBot has been observed using HTML smuggling, a delivery method it shares with Qakbot.
From November 2018 through February 2021, Vyacheslav Igorevich Penchukov, alias Vyacheslav Andreev and "Tank", led a conspiracy that resulted in numerous computers being infected with BokBot. Despite being added to the FBI’s Cyber Most Wanted List, Penchukov returned to criminal activity, leading to significant damages and losses. For instance, when the University of Vermont Medical Center was hit by BokBot, it caused $30 million in losses and disrupted critical patient services for over two weeks, posing serious risks to patients.
The widespread use and damaging effects of BokBot led to a coordinated international police action dubbed Operation Endgame, which aimed to take down the infrastructure sustaining botnets including BokBot. This operation involved European, British, and U.S. police forces and targeted several other malicious botnets. In connection with his BokBot activities, Penchukov pleaded guilty to one count of conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) offense and one count of conspiracy to commit wire fraud. His conviction marks a significant step in combating the spread of this dangerous malware.
Description last updated: 2024-07-14T02:15:33.905Z