The LokiBot trojan first appeared in 2015 and remains very popular among cybercriminals as it creates a backdoor in infected systems Windows. It steals sensitive information from victims - including usernames, passwords, banking details and the contents of cryptocurrencies - through the use of a keylogger that monitors browser and desktop activity.
And now the malicious people are using a new LokiBot campaign to infect their victims, who have disguised themselves as the launcher of Epic Games, the developer behind the very popular online game Fortnite.
This recently discovered LokiBot campaign was analyzed by its researchers Trend Micro, who note that it uses an unusual installation routine to prevent detection by antivirus software.
As the researchers report, malicious software distributed via phishing emails sent to potential targets.
Downloading and running the fake Epic Game boot program, which uses the company logo to look legal, starts the infection process. The malware initially downloads two separate files - a C # source file and an executable .NET - to the machine application data directory.
The C # source code is very confusing, containing code segments that mean nothing but allowing the LokiBot installer to bypass any security measures in the machine.
Once logged in, the .NET file reads and complies with the C # code, before decrypting it and running the LokiBot on the infected machine. This provides the attacker with the backdoor needed to steal information, track activity, install other malware, and perform other malicious actions on the device.
LokiBot is still a lucrative malware, partly because its creator leaked it at the beginning of its creation, giving cybercriminals the opportunity to develop their own versions of malware.
In order to protect against LokiBot attacks and other malicious applications, it is recommended that users download only software and attachments from trusted sources and that organizations use software security to ensure that networks they can detect possible threats.