The BLYPT malware family is named as such because of its use of binary large objects, also known as blobs, in its routines. The malware is known to store information in a computer’s memory in the form of embedded blobs, data forms known to be hard to manage and define.
Notably, researchers have observed the malware family to largely target individuals or home users in the United States, as opposed to business or large companies. Those who have not updated their Java software are particularly at risk of attacks as BLYPT is known to exploit a particular flaw in the said software.
The BLYPT family has two variants, each of which differ in terms of what file names are used to save the malware components and to which server the stolen information will go. From what we saw, these servers as mostly located in Romania (65.8%) and Turkey (18.4%). Apart from these, the two variants share identical routines, which include downloading an installer and attempting to connect to command-and-control servers for up to 32 times.
Since BLYPT is a backdoor malware family, its attackers can just easily use the said Java exploit to slip in remote commands to get data from affected computers. Depending on the attackers’ intent, they can just easily hijack computer libraries to load their own malicious commands, send updated Internet configurations, and connect to an external site to steal computers’ IP addresses and more.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).