Beware Of LokiBot Malware Masquerading As This Popular Games Launcher
It's all fun and games until a nasty bit of malware infiltrates your PC and wreaks havoc, right? To quote the late, great Bill Paxton, at that point it's "Game over man! Game over!" Fortunately, common-sense computing habits are highly effective. Malware writers can be clever, however, and security researchers are warning of a particular strain posing as a popular games launcher.
The malware in question is called LokiBot. Once it infects a PC, it can swipe personal data, including passwords and cryptocurrency information (in case you're still into mining or collecting cryptocurrencies). LokiBot is not new; it has shown up through various means in the past, including a variant that used ISO images.
This time, however, Trend Micro says it discovered LokiBot masquerading as an installer for the Epic Games Store.
"This fake installer was built using the NSIS (Nullsoft Scriptable Install System) installer authoring tool. In this campaign, the malicious NSIS Windows installer used the logo of Epic Games—the development company behind popular games such as Fortnite—to trick users into thinking that it’s a legitimate installer," Trend Micro explains.
When a user is duped into executing the malicious installer, it drops a pair of files onto the target system. One is a C# source code file and the other is a .NET executable in the %AppData% directory. The latter file reads and compiles the former file on the infected machine. From there, it gets busy dropping a malicious payload.
"This LokiBot sample’s installation routine combines two techniques to evade detection: First, it makes use of a C# source code to evade defense mechanisms that solely target executable binaries. In addition, it also uses obfuscated files in the form of the encrypted assembly code embedded in the C# code file," Trend Micro says.
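A detection check for the compile-on-host step described above, as an added example that is not from Trend Micro or the original article: it flags C# compiler launches whose parent binary or source file sits under AppData. It assumes the dropped .NET executable compiles through the .NET Framework compiler `csc.exe` (the article does not say how); the event field names and every sample path are constructed.

```python
import ntpath
import re

# Constructed process-creation records; every path and file name is made up.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "parent": r"C:\Users\alice\AppData\Roaming\example_helper.exe",
     "cmdline": r'csc.exe /noconfig /out:"C:\Users\alice\AppData\Local\Temp\x.dll" '
                r'"C:\Users\alice\AppData\Roaming\example_src.cs"'},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "parent": r"C:\Program Files\Microsoft Visual Studio\MSBuild\Current\Bin\MSBuild.exe",
     "cmdline": r'csc.exe /noconfig @"C:\src\app\obj\build.rsp"'},
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'notepad.exe "C:\Users\alice\AppData\Roaming\notes.cs"'},
]

# Any path below a user's AppData tree (Roaming, Local, LocalLow).
APPDATA = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

def tokens(cmdline):
    """Split a command line into arguments, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', cmdline)]

def score_event(ev):
    """Return the reasons a csc.exe launch looks like compile-on-host from AppData."""
    if ntpath.basename(ev["image"]).lower() != "csc.exe":
        return []  # only compiler launches are of interest
    reasons = []
    if APPDATA.search(ev["parent"]):
        reasons.append("compiler launched by a binary in AppData")
    for tok in tokens(ev["cmdline"]):
        if tok.lower().endswith(".cs") and APPDATA.search(tok):
            reasons.append("C# source in AppData: " + ntpath.basename(tok))
    return reasons

def hunt(events):
    """Return (parent image, reasons) for every event with at least one reason."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["parent"], reasons))
    return hits

if __name__ == "__main__":
    for parent, reasons in hunt(SAMPLE_EVENTS):
        print(parent, "->", "; ".join(reasons))
```

A loader that compiles in memory without spawning `csc.exe` would not produce these events, so this check complements file-based scanning rather than replacing it.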
Naturally, Trend Micro is quick to point out that its security solutions can identify the threat. It's not clear how other antivirus programs handle this variant of LokiBot, though our hunch is that most of them offer similar protection, especially now that it's been reported on.
In any event, be careful of not only what you download, but where you download files from. You can grab the real Epic Games Store launcher here. And on a semi-related note, Kingdom Come Deliverance ($29.99) and Aztez ($19.99) are both free in the Epic Games Store this week.