Cybercriminals advertising L0rdix Multipurpose malware in dark web forums, designed to be a universal go-to tool for attackers.
It developed aiming windows machine, it combines stealing, cryptocurrency mining techniques and stealthy methods to avoid malware scanning.
ENSILO security researcher, Ben Hunter discovered the L0rdix multipurpose malware advertised on dark web forums. The malware written in .NET targeting windows machine combines stealing and mining methods.
With this malware, attackers can get complete information about the victim’s PC and they can execute commands, file uploads, and other functions, also it includes a number of mining modules.
The malware advertised for 4000Ruble ($60.96) and it presents a dashboard with makes the job more easy for an attacker.
In order to avoid detection, the malware employees common malware analysis tools name and also uses WMI queries to check the string to determine whether it is running under a virtual environment.
L0rdix supports a wide variety of actions aiming to make it a universal “go to” tool for attackers that require different capabilities. It’s obvious that the writer’s preferred code simplicity while investing in a larger spectrum of capabilities to offer the buyer reads ENSILO blog post.
Once the L0rdix executed in the victim’s machine it gathers complete system information and transfers to the server by encrypting data using the AES algorithm.
The malware contains Botnet, Crypto wallet stealing and stealer functionality. It monitors clipboard activities for specific wallet types such as Bitcoin, Ethereum, Litecoin, Monero, Ripple and Doge.
L0rdix targets following browsers Chrome, Kometa, Orbitum, Comodo, Amigo, Torch and Opera and extracts login details, also it extracts cookie information from browsers.
The dark web markets remain as a place for selling stolen credit cards, the underground offers hacker-for-hire services, hacking tools, tutorials and more. These dark web markets are accessible through anonymization services such as Tor or I2P.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can check the Vulnerability Management Analysis to keep your self-updated
Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets
Dark Web Hosting Provider Got Hacked, 6,500+ Sites Including Root Account Deleted From Server
Over 10,000 WordPress websites have been hijacked to deliver malicious software targeting both macOS and…
Cybersecurity experts have uncovered a new exploit leveraging the widely used Remote Desktop Protocol (RDP).…
Cybersecurity experts are sounding the alarm about a new SMS-based phishing tool, Devil-Traff, that is…
Experts at Wiz Research have identified a publicly exposed ClickHouse database belonging to DeepSeek, a…
The highly anticipated release of OPNsense 25.1 has officially arrived! Nicknamed "Ultimate Unicorn," this update…
Microsoft has officially added DeepSeek R1, an advanced AI model, to its Azure AI Foundry…
