Monday, July 15, 2024

LokiBot Mimics as Game Launcher To Trick the Users into Executing Malware

Lokibot trojan malware emerges first in the year 2015, it is known for stealing sensitive details such as usernames, passwords, bank details, and cryptocurrency wallets.

The threat actors behind the malware continue to add various capabilities over the years and it is distributed through spam emails, SMS, Skype, etc.

A new campaign of LokiBot spotted by Trend Micro attacking windows machine impersonating as a popular Epic games launcher.

LokiBot Mimics as Game Launcher

Lokibot trojan malware impersonates as a popular game launcher to trick users into executing malware on their machines.

To evade detection it uses a compiled C# code file, which will get executed after the delivery, by using this technique attacker can evade detection.

The infection starts with the execution of the fake installer built using NSIS (Nullsoft Scriptable Install System) uses the logo of Epic Games to make users believe it is legitimate.

Upon execution of the installer, it drops tow files C# source code file and a .NET executable. The .NET executable is responsible to read and compile the dropped C# code file.

According to a Trend Micro report, the LokiBot uses two evasion techniques, “First, it makes use of C# source code to evade defense mechanisms that solely target executable binaries. Also, it also uses obfuscated files in the form of the encrypted assembly code embedded in the C# code file.”

The final payload is the dangerous Lokibot, which can cause serious losses to privacy and financial data.

The presence of Lokibot malware in the system is hard to detect, it executes silently without affects system performance.

Follow us on TwitterLinkedinFacebook for Daily cyber security & hacking news updates.


Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles