Threat Watch

LokiBot Impersonating Epic Games Launcher

Researchers at Trend Micro have recently discovered a LokiBot variant disguising itself as the Epic Games Launcher. The variant uses the open source NSIS (Nullsoft Scriptable Install System) to create an installer application with the Epic Games logo to convince victims they were installing the legitimate application from Epic Games. According to Trend Micro, the malicious installer drops a .NET executable file alongside a file with C# source code in the %APPDATA% directory. The .NET executable is a heavily obfuscated binary designed to read, deobfuscate, compile, and launch the C# source file. The last phase of the infection chain is to drop the final LokiBot payload.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

LokiBot is typically delivered through spam messages, however, Epic Games will never email their user base with any kind of executable file. When in doubt, always go to the official website to download software.

Source: https://blog.trendmicro.com/trendlabs-security-intelligence/lokibot-impersonates-popular-game-launcher-and-drops-compiled-c-code-file/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support