
New Advanced Malware Targeting Windows Computers Available on the Dark Web

Posted on the 11 December 2018 by Darkwebnews @darkwebnews

There is a new hacking tool making the rounds on dark web forums, reportedly capable of stealing data, mining cryptocurrencies and evading detection by anti-malware tools.

The software, called L0rdix and marketed as a multipurpose attack tool, lets its users target Windows-based PCs.

According to Ben Hunter, a cybersecurity researcher at enSilo, the software is relatively new and may still be undergoing development but has an array of capabilities already implemented.

The malware, which is being sold on the dark web for 4,000 rubles (about $60 USD), is written in .NET, allowing its user to compromise a Windows system easily.

The primary objective of the malware, according to the enSilo report, is stealthy cryptocurrency mining, which required the builders to obfuscate the malware.

To do this, the 32-bit application has been processed with the ConfuserEx obfuscator and, on some samples, with the more sophisticated .NETGuard obfuscator as well.

L0rdix is just the latest malware of its kind to hit darknet forums, marking a developing trend in the demand for crypto mining tools.

Detects Common Malware Analysis Tools to Boost Stealth

To avoid detection by anti-virus and anti-malware tools, L0rdix scans for commonly used monitoring tools, and also uses registry keys and WMI queries to look for strings that indicate virtual environments and sandboxes.

Cybersecurity experts mostly use these tools for malware analysis. Once it has identified any of them, it bypasses them by disabling their engines.

All of this happens after a machine has been infected; the malware then, in an automated manner, tries to infiltrate other computers or devices connected to the compromised machine.

After the infection has been initialized, the program contacts a pre-configured server to download the latest update and configuration files.

The program then harvests data including the operating system, a valid hardware ID, browser data, the anti-virus installed, the processor model and the graphics controller model, together with screenshots of the computer in use.

The data is encrypted using AES and then sent to a command-and-control server, where it is later used to create a unique identity for each machine it came from.

Such data will enable future updates and configurations to be easily integrated.

Additionally, it is also reported that the collected data will be used to determine whether it is appropriate for the program to mine cryptocurrencies or hijack crypto wallets along with their coins.

Essentially, the mining module in the malware is missing some crucial components because it is a newer part of the malware, created in the later stages of development.

Other information that the malware collects includes saved login details, cookies and a list of extensions, collected from the desktop or from the directories of various web browsers such as Comodo, Chrome, Opera, Amigo, Kometa, Orbitum and Torch.

Malware Targets Other Devices to Compromise

Once all this is done, the program automatically starts infecting other hosts, such as removable devices, mapping itself onto them.

It changes the attributes of each file or directory to hidden, then copies itself using that file's icon and name. When the copy is double-clicked, the program executes on the other machine.
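The removable-media trick described above leaves a recognisable footprint on the drive: an original file or folder switched to hidden, with a same-named executable sitting beside it. The following script is an added example written for this article, not code from the article or from enSilo; it flags that footprint in a directory listing. The `find_lure_pairs` and `scan_directory` names, the executable-extension list and the sample listing are all assumptions constructed for the example.

```python
"""Added example (not from the article or from enSilo): flag the removable-media
lure pattern described above, an original file or folder switched to hidden next
to a same-named executable that took its place."""
import stat
from pathlib import Path

# Extensions Windows will run on double-click; a visible file with one of these
# beside a hidden original of the same base name is the pattern worth flagging.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}


def find_lure_pairs(entries):
    """entries: iterable of (name, is_hidden) pairs for one directory.
    Returns sorted (hidden_original, executable_twin) name pairs."""
    hidden = {}
    for name, is_hidden in entries:
        if is_hidden:
            # Key by full name and by stem so "Photos" matches "Photos.exe"
            # and "report.docx" matches "report.docx.exe".
            hidden[name] = name
            hidden.setdefault(Path(name).stem, name)
    pairs = set()
    for name, is_hidden in entries:
        p = Path(name)
        if is_hidden or p.suffix.lower() not in EXEC_EXTS:
            continue
        original = hidden.get(p.stem)
        if original is not None and original != name:
            pairs.add((original, name))
    return sorted(pairs)


def scan_directory(path):
    """Build the entry list from a real directory. The hidden attribute is only
    exposed on Windows (st_file_attributes); elsewhere nothing counts as hidden
    and no pairs are reported."""
    entries = []
    for child in Path(path).iterdir():
        attrs = getattr(child.stat(), "st_file_attributes", 0)
        entries.append((child.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return find_lure_pairs(entries)


# Constructed sample listing of a removable drive after the swap described above.
SAMPLE_LISTING = [
    ("Photos", True),            # original folder, now hidden
    ("Photos.exe", False),       # executable wearing the folder's name and icon
    ("report.docx", True),       # original document, now hidden
    ("report.docx.exe", False),  # executable twin
    ("notes.txt", False),        # untouched file
    ("desktop.ini", True),       # legitimately hidden, no twin
]

if __name__ == "__main__":
    # On a Windows host: scan_directory("E:\\") for a mounted removable drive.
    for original, twin in find_lure_pairs(SAMPLE_LISTING):
        print(f"hidden original {original!r} has executable twin {twin!r}")
```

A hidden file on its own (desktop.ini, for instance) is normal and is not reported; only the hidden-original-plus-executable-twin pairing is, which keeps the output short enough to review by hand before the drive is cleaned.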

The malware also acts as a botnet client, enrolling infected machines. This gives the operator the ability to upload a file, open a specific URL in a browser, download and execute an executable file, run command-prompt commands or terminate a particular process.

With some of these abilities, it can perform DDoS attacks.

Malware's Persistence

To prolong its presence, the malware copies itself into locations such as scheduled tasks, making it impossible to remove using manual methods.

Thus, every time the computer is powered on, it starts automatically.
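A scheduled task that launches an executable from a user-writable directory is the kind of persistence described above, and it is cheap to triage. The script below is an added example written for this article, not code from the article or from enSilo: it reads the CSV that `schtasks /query /fo CSV /v` prints and lists tasks whose "Task To Run" starts in a user-writable path. The `suspicious_tasks` name, the path pattern and the sample CSV (which keeps only a subset of the real columns) are assumptions constructed for the example.

```python
"""Added example (not from the article or from enSilo): triage scheduled tasks
whose action runs from a user-writable location, the persistence pattern the
article attributes to L0rdix. Input is the CSV printed by
`schtasks /query /fo CSV /v`; the sample below is constructed and keeps only a
subset of the real columns."""
import csv
import io
import re

# Locations an unprivileged user can write to. Legitimate software (per-user
# updaters and installs) also lives here, so matches are a triage list, not verdicts.
USER_WRITABLE_RE = re.compile(
    r'^"?(%(appdata|localappdata|temp|tmp|userprofile|public)%'
    r'|[a-z]:\\(users|programdata)\\)',
    re.IGNORECASE,
)


def suspicious_tasks(csv_text):
    """Return one dict per task whose 'Task To Run' starts in a user-writable path.
    schtasks repeats its header row in places; such rows never match and are skipped."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cmd = (row.get("Task To Run") or "").strip()
        if USER_WRITABLE_RE.match(cmd):
            hits.append({
                "task": row.get("TaskName", ""),
                "run": cmd,
                "author": row.get("Author", ""),
                "schedule": row.get("Schedule Type", ""),
            })
    return hits


# Constructed sample: one Microsoft task, one per-user updater (a benign match
# an analyst will recognise), and one task pointing at an executable dropped
# under the user's roaming profile that runs at every logon.
SAMPLE_CSV = r'''"HostName","TaskName","Status","Author","Task To Run","Schedule Type"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o -$","Weekly"
"WS01","\OneDrive Standalone Update Task","Ready","Microsoft Corporation","%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe","Daily"
"WS01","\WindowsUpdateCheck","Ready","WS01\alice","C:\Users\alice\AppData\Roaming\update.exe","At logon time"
'''

if __name__ == "__main__":
    # On a live host: schtasks /query /fo CSV /v > tasks.csv, then pass its contents.
    for hit in suspicious_tasks(SAMPLE_CSV):
        print(f"{hit['task']}: {hit['run']} ({hit['schedule']}, author {hit['author']})")
```

The OneDrive entry in the sample shows why the output is a triage list rather than an alert: per-user software legitimately runs from LocalAppData, so the author, the trigger and whether the binary is signed decide the case, not the path alone.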

In the end, a more sophisticated L0rdix is expected in the future, since indicators show that it is still under development.

For instance, it uses simple data encryption and a less sophisticated data-handling scheme between the infected machine and its servers.

To remain attractive on dark web hacking forums, it will need to address these issues.
