Lokibot now using fake Epic Games installer to fool victims

February 19, 2020

The data
harvesting malware Lokibot has again been upgraded by its creators, this time
to impersonate a popular online game launcher in order to trick victims into
mistakenly downloading the malware.

Trend Micro researchers
say Lokibot now presents itself as an installer of the Epic Games store. The
threat actors used Nullsoft Scriptable Install System (NSIS) installer
authoring tool along with the Epic Games logo to create the scam file. Epic is
the publisher of the immensely popular Fortnite game.

Once the
victim downloads the fake installer two file are dropped on to the machine: a
C# source code file and a .NET executable in the “%AppData% directory”. The
last stage sees Lokibot downloaded and installed and it goes to work swiping the
targeted data.

Prior to
this latest advance Lokibot had been upgraded to usecampaign that exploits a
remote code execution vulnerability to deliver the malware using the Windows
Installer service and a variant with an improved persistence mechanism using
steganography.

All these
changes indicate to Trend Micro that the actors behind Lokibot have no intention
of moving beyond this particular malware and that more changes and infections
can be expected.

The post Lokibot now using fake Epic Games installer to fool victims appeared first on SC Media.

Original Source
Tags: , , ,

You may have missed

Basta

Black Basta Ransomware Victim: bdcm[.]com

April 30, 2024
ai checkout2

Smart devices: new law helps citizens to choose secure products

April 30, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 30, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 30, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 30, 2024