As technology advances, cyber criminals who hide behind computer screens are getting more creative with their methods every day. Hackers have now found a way to deliver a dangerous form of Trojan malware by disguising it as a launcher for one of the world's most popular video games.
What is LokiBot?
LokiBot Trojan malware first reared its ugly head in 2015 and remains a popular tool among cyber criminals even today. The malware is used to create a backdoor into infected Windows systems and steal sensitive information from victims including usernames, passwords, banking details as well as cryptocurrency wallets with the help of a keylogger that records browser and desktop activity.
Despite being five years old, LokiBot remains a prolific malware threat, in part because the underlying code was leaked during its initial stages, giving cyber criminals the opportunity to develop their own customized versions of the malware.
LokiBot malware masquerading as Epic Games launcher
Now, security researchers at Trend Micro have discovered a new LokiBot campaign in which cyber criminals cloak the malware as the launcher for Epic Games, the developer behind the hit online multiplayer video game "Fortnite." The researchers also pointed out that the malware uses sneaky methods, such as an unusual installation process, to avoid detection by antivirus software.
The team at Trend Micro believes the fake game launcher is being distributed as an attachment in spam phishing emails sent out in bulk to victims, a common method used by bad actors to deliver the LokiBot payload. Once the fake Epic Games launcher, which uses the company logo to make it look legitimate, is downloaded, installed and opened, the infection process is initiated.
The malware delivers two separate files: a C# source code file and a .NET executable into the app data directory of the computer. The C# source code is heavily obfuscated and contains portions of junk code that don't mean anything but allow the LokiBot installer to evade security checks on the system.
Once it gains access to the system, the .NET file reads and compiles the C# code, before decrypting it and executing LokiBot itself on the infected device. This gives the hacker a backdoor entry into the system, which can then be used to steal information, monitor activity, install other malware and carry out other malicious actions.
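The drop pattern described above, a C# source file sitting next to a .NET executable in the app data directory, can be swept for on disk. The following Python example is an addition to this article, not code from Trend Micro; the function names are hypothetical, and a folder holding both file types is treated as a lead for triage, not as proof of LokiBot.

```python
import os
import struct
import sys

CLR_DIR_INDEX = 14  # PE data directory 14 (COM descriptor) is populated in .NET assemblies


def is_dotnet_pe(data: bytes) -> bool:
    """True if the bytes are a PE image whose CLR header directory is populated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew: offset of "PE\0\0"
    opt = pe + 24                                       # signature (4) + COFF header (20)
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < opt + 2:
        return False
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs_off = {0x10B: 96, 0x20B: 112}.get(magic)       # PE32 / PE32+ optional header
    if dirs_off is None:
        return False
    entry = opt + dirs_off + CLR_DIR_INDEX * 8
    if len(data) < entry + 8:
        return False
    count = struct.unpack_from("<I", data, opt + dirs_off - 4)[0]  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, entry)
    return count > CLR_DIR_INDEX and rva != 0 and size != 0


def find_source_with_assembly(root: str):
    """Return (folder, cs_files, dotnet_exes) for folders holding both kinds of file."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        cs = sorted(f for f in files if f.lower().endswith(".cs"))
        if not cs:
            continue
        exes = []
        for name in sorted(f for f in files if f.lower().endswith(".exe")):
            try:
                with open(os.path.join(folder, name), "rb") as fh:
                    if is_dotnet_pe(fh.read(4096)):     # PE headers sit in the first KBs
                        exes.append(name)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
        if exes:
            hits.append((folder, cs, exes))
    return hits


if __name__ == "__main__":
    # Defaults to the current user's app data directory; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("APPDATA", ".")
    for folder, cs, exes in find_source_with_assembly(root):
        print(f"{folder}: source={cs} assemblies={exes}")
```

Any hit still needs review of the source file and the executable's origin before it is treated as malicious.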
How to protect yourself?
To avoid falling prey to LokiBot or other malware attacks, users are advised to download software and attachments only from verified and credible sources.
If you have been infected by the malware, there are some steps you need to follow in order to delete the malware entirely from your device.
Remove LokiBot From Android Devices
If your Android smartphone or tablet is infected with the LokiBot virus, follow these steps:
- Press and hold your device's Power button. This will bring up the Power off menu;
- Now, press and hold the Power off button until you are prompted with "Reboot to Safe Mode";
- Press "OK" to enter Safe Mode;
- Now, you need to locate the malicious app, deny all of the app's administrative rights and then remove the virus.
  - Open Settings (the gear icon), and click on "Apps";
  - Go through the list, locate the malicious app, and uninstall it.
  - Clear the device's cache to remove all residue of the app.
- If the app does not allow you to remove it, it has administrative permissions. To turn them off:
  - Click on Settings –> Security –> Device administrators.
  - Find the app in the list that has the administrative permission. Tap to open it.
  - Now, click on the "Deactivate" button –> "OK".
  - You may need to restart your device and then try uninstalling the malicious app again.
- Restart your device normally, as you usually do.
- Scan your Android device with a powerful anti-virus program.
Remove LokiBot From Windows OS
To remove this damaging malware from your Windows OS, please follow the steps carefully:
- Boot your computer into Safe Mode.
- Open task manager and kill the .exe process for the virus.
- Disable any suspicious program from startup.
- Remove the LokiBot Trojan using an antivirus program.