LokiBot burst onto the scene in 2015, and has earned a reputation as being a powerful. This fearsome trojan is being distributed in a new way that poses a very real threat to targets of all shapes and sizes.
The latest campaign emulates the launcher for Epic Games, which is the developer behind the game Fortnite. Fortnite is one of the most popular online games in the world right now.
Researchers at Trend Micro discovered the new campaign. They note that thanks to a few unusual aspects of the install routine used, the malware can (in many cases) avoid detection by many popular antivirus programs.
In particular, the code borrows heavily from the official Epic Games launcher. The malicious features are too deeply embedded in the code to be noticed by most A/V programs in use today.
Like previous campaigns, this one relies on phishing emails. Those emails dangle hooks before potential victims, giving them a free, easy and convenient way of installing an incredibly popular game.
Unfortunately, any email recipient who clicks the link will not only not get a copy of the game installed, they'll also wind up with a backdoor placed on their system and a copy of the malware itself. The copy acts as a keylogger and actively searches the infected system for usernames, passwords, banking details, and the contents of any cryptocurrency wallets that may be tied into or accessed from the system in question.
In other words, despite the fact that the software is five years old, it's a serious threat and should not be taken lightly. The latest obfuscation tweaks have given the aging code a new lease on life, and all indications are that that trend will continue. It appears that Lokibot will be part of the threat matrix for quite some time to come.