The new variant of the notorious LokiBot malware is more sophisticated and effective than its previous versions.
Discovered originally in 2015; LokiBot malware is extremely popular among cybercriminals because of its multitasking abilities. The malware is capable of converting itself into full flagged ransomware and harvests almost every type of data from login IDs and passwords to banking data and crypto wallets contents, which it does by using keyloggers that monitor user activities on the device and the browser.
According to Trend Micro researchers, the newly discovered variant of LokiBot malware is being distributed as a popular game launcher for Epic Games, the same developer behind the massively popular online game Fortnite, to trick users so that they execute it on their devices.
Detected as Trojan.Win32.LOKI; this campaign has a rather peculiar installation routine in which a C# code file is dropped to infect the device. The user believes that this file is Epic Games store installer, and executes it without suspecting any foul play.
See: Hackers using Drake’s kiki do you love me to drop Lokibot malware
As per Trend Micro’s blog post, this installer is created by using the authoring tool called Nullsoft Scriptable Install System or latest lokibot malware variant distributed games installer
