Bobik Malware Linked with Attacks in Ukraine
Bobik is the name of a piece of malware that behaves as a remote access trojan. Security researchers have linked Bobik to a pro-Russian threat actor operating under the alias NoName 057(16).
According to researchers, the NoName 057(16) threat actor posted about its latest attacks on its Telegram account at times that coincided with distributed denial of service (DDoS) attacks carried out using Bobik.
Bobik has both spying and DDoS capabilities. The malware can collect information on the compromised device, including through keystroke logging, and it can launch DDoS attacks from infected devices that have been added to its botnet.
Bobik's infection chain is associated with another piece of malware known as RedLine stealer. RedLine is used as a dropper, fetching Bobik, which in turn deploys its DDoS component.
The malware has been used in attacks both against government and military entities in Ukraine and against entities located in countries that support Ukraine. The latter include mobile carrier Verizon and British multinational parts supplier GKN Ltd.
Bobik has also been used in attacks against targets in Lithuania, Latvia and Poland, as well as Scandinavian countries.