Researchers at Deep Instinct have discovered a six-in-one malware that appears to be designed for enterprise-level victims. The malware uses a payload dropper called “Legion Loader,” which is suspected to have been developed by a Russian speaker, because the code contains comments and UI strings written in Russian. The six elements it delivers are:
• Vidar – Targets personal information and data stored in two-factor authentication (2FA) software.
• Predator the Thief – A data stealer that can capture webcam images.
• Raccoon Stealer – Bypasses Microsoft and Symantec anti-spam messaging gateways.
• Crypto Stealer – A cryptocurrency stealer.
• Crypto Miner – Uses the victim’s processing power to mine for cryptocurrency.
• RDP Backdoor – Provides remote access to the victim’s machine, allowing an attacker to execute commands on it later.
The researchers conclude that this dropper-for-hire campaign is likely aimed at enterprises for two reasons: its destructive capabilities and its attempts to evade the anti-spam messaging gateways typically found in enterprise IT environments.