Cyber criminals are distributing a powerful form of trojan malware to victims by disguising it as a popular video game launcher.
The LokiBot trojan first emerged in 2015 and is very popular as a means of creating a backdoor into infected Windows systems. Attackers use it to steal sensitive information from victims, including usernames, passwords, bank details and the contents of cryptocurrency wallets, by means of a keylogger that monitors browser and desktop activity.
A new LokiBot campaign is now trying to infect users by posing as the launcher for Epic Games, the developer behind the very popular online multiplayer video game Fortnite.
Cyber security researchers at Trend Micro discovered the new LokiBot campaign and stated that it uses an unusual installation routine to avoid detection by antivirus software.
The researchers believe that the fake downloader is distributed in bulk to targets via spam phishing emails.
When the fake Epic Games launcher is downloaded and installed, it starts the infection process. In this process the malware drops two separate files, a C# source code file and a .NET executable, into the app data directory of the machine.
The C# source code is heavily obfuscated and contains portions of junk code, which allow the LokiBot installer to bypass any security measures on the machine.
Once inside the system, the .NET file reads and compiles the C# code, before decrypting it and executing LokiBot itself on the infected machine. This gives the attacker the backdoor needed to steal information, monitor activity, install other malware and carry out other malicious actions.
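The drop pattern described above (one process writing both a C# source file and an executable into the app data directory) can be hunted for in file-creation telemetry. The following Python is an added example, not code from this article or from Trend Micro; the event field names, hosts, file names and the five-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per environment

# Constructed file-creation events; field names are hypothetical, not a real EDR schema.
EVENTS = [
    {"host": "ws-01", "time": "2021-01-10T10:00:01", "process": r"C:\Users\amy\Downloads\setup.exe",
     "path": r"C:\Users\amy\AppData\Roaming\x1\stage.cs"},
    {"host": "ws-01", "time": "2021-01-10T10:00:03", "process": r"C:\Users\amy\Downloads\setup.exe",
     "path": r"C:\Users\amy\AppData\Roaming\x1\helper.exe"},
    {"host": "ws-02", "time": "2021-01-10T11:00:00", "process": r"C:\Program Files\ide\ide.exe",
     "path": r"C:\Users\bob\source\repos\app\Program.cs"},       # .cs outside AppData
    {"host": "ws-03", "time": "2021-01-10T12:00:00", "process": r"C:\Program Files\app\updater.exe",
     "path": r"C:\Users\cat\AppData\Local\app\update.exe"},      # .exe with no .cs
    {"host": "ws-04", "time": "2021-01-10T09:00:00", "process": r"C:\Tools\gen.exe",
     "path": r"C:\Users\dan\AppData\Local\gen\template.cs"},
    {"host": "ws-04", "time": "2021-01-10T13:00:00", "process": r"C:\Tools\gen.exe",
     "path": r"C:\Users\dan\AppData\Local\gen\gen_helper.exe"},  # outside the window
]

def in_appdata(path):
    """True if any directory component of a Windows path is 'AppData'."""
    return "appdata" in ntpath.dirname(path).lower().split("\\")

def find_drop_pairs(events, window=WINDOW):
    """Flag processes that write both a .cs file and a .exe under AppData within `window`."""
    writes = defaultdict(list)  # (host, writing process) -> [(time, extension, path)]
    for ev in events:
        ext = ntpath.splitext(ev["path"])[1].lower()
        if ext in (".cs", ".exe") and in_appdata(ev["path"]):
            key = (ev["host"], ev["process"].lower())
            writes[key].append((datetime.fromisoformat(ev["time"]), ext, ev["path"]))
    alerts = []
    for (host, process), items in writes.items():
        sources = [i for i in items if i[1] == ".cs"]
        binaries = [i for i in items if i[1] == ".exe"]
        for s_time, _, s_path in sources:
            for b_time, _, b_path in binaries:
                if abs(s_time - b_time) <= window:
                    alerts.append({"host": host, "dropper": process,
                                   "source": s_path, "executable": b_path})
    return alerts

if __name__ == "__main__":
    for alert in find_drop_pairs(EVENTS):
        print(alert)
```

Developer tools and code generators can legitimately produce the same pattern, so a hit is a triage lead: check where the writing process came from and whether it is signed before escalating.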
The latest version of LokiBot suggests that the malware will remain a threat for some time to come.
To protect against LokiBot and other malware attacks, users are strongly advised to download software and attachments only from trusted sources, and companies must use security solutions to ensure that their networks can detect potential threats.