A new multipurpose attack tool, L0rdix, is currently on sale on hacker-run dark web forums. L0rdix is written in .NET and designed to infect computers running Windows. It aims to steal data and mine cryptocurrency while staying hidden from the user.
Although it is sold as a single tool, L0rdix is capable of many different actions; it can be considered a Swiss Army knife for cyber criminals.
Multiply and conquer!
With its USB-infecting module, L0rdix enumerates every removable drive connected to the infected host. It sets the hidden attribute on each file and directory it finds there and copies itself in their place under the same name and icon. When a user later double-clicks one of these look-alike files, the copy runs and the infection spreads to that machine.
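The infection pattern above leaves a recognisable trace on the drive: a hidden original next to a visible executable that borrows its name. The following scanner, written for this article as an added example (it is not code from L0rdix or from Zemana's products), walks a directory listing and pairs each visible `.exe` with a hidden entry of the same name or base name. The sample listing is constructed for illustration; the real drive scan uses `os.scandir`, reading the Windows hidden attribute where available and treating dotfiles as hidden elsewhere.

```python
import os
import sys
from typing import Dict, List, Tuple

# Windows FILE_ATTRIBUTE_HIDDEN bit, consulted when st_file_attributes exists.
FILE_ATTRIBUTE_HIDDEN = 0x2


def is_hidden(entry: os.DirEntry) -> bool:
    """True if the entry carries the Windows hidden attribute; on other
    platforms fall back to the dotfile convention."""
    st = entry.stat(follow_symlinks=False)
    attrs = getattr(st, "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & FILE_ATTRIBUTE_HIDDEN)
    return entry.name.startswith(".")


def list_drive(root: str) -> List[Tuple[str, bool]]:
    """Return (name, hidden) for every entry directly under root."""
    with os.scandir(root) as it:
        return [(e.name, is_hidden(e)) for e in it]


def find_lookalikes(entries: List[Tuple[str, bool]]) -> Dict[str, str]:
    """Map each suspicious visible .exe to the hidden entry it impersonates.

    Two naming schemes are covered: 'report.docx' hidden beside a visible
    'report.docx.exe', and 'photos' (a hidden directory) beside 'photos.exe'.
    Keying hidden entries by both full name and base name catches both;
    the base-name key can occasionally false-positive on dotted names, so
    treat hits as leads to confirm, not verdicts."""
    hidden_keys: Dict[str, str] = {}
    for name, hidden in entries:
        if hidden:
            lower = name.lower()
            hidden_keys[lower] = name
            hidden_keys[os.path.splitext(lower)[0]] = name

    suspicious: Dict[str, str] = {}
    for name, hidden in entries:
        if hidden or not name.lower().endswith(".exe"):
            continue
        stem = name[:-4].lower()          # strip the ".exe"
        if stem in hidden_keys:
            suspicious[name] = hidden_keys[stem]
    return suspicious


# Constructed listing of a removable drive after the kind of infection
# described above (sample data, not captured from a real incident).
SAMPLE_LISTING: List[Tuple[str, bool]] = [
    ("report.docx", True),
    ("report.docx.exe", False),
    ("photos", True),
    ("photos.exe", False),
    ("readme.txt", False),
    ("setup.exe", False),   # a lone installer is not flagged
]


if __name__ == "__main__":
    listing = list_drive(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LISTING
    for exe, original in find_lookalikes(listing).items():
        print(f"suspicious: {exe!r} shadows hidden {original!r}")
```

Run it as `python scan_usb.py E:\` on a mounted drive, or with no argument to see it work on the constructed listing. Once a hit is confirmed, delete the look-alike executables and clear the hidden attribute on the originals (for example with `attrib -h -s /s /d` on the drive) before handing it back to the user.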
Takes over the control
With its botnet functionality, L0rdix can open a specified URL in a browser, kill a specified process, execute cmd commands, upload files, and download and run an executable on the infected computer. It can also take part in DDoS attacks: its HTTP flooding feature sends a large number of HTTP requests to a specified host.
Stealing and cryptocurrency mining
L0rdix is after your private data. It collects every file from the desktop and its subdirectories whose extension appears in the list carried in its configuration data, and it harvests cookies and saved login credentials from browsers including Chrome, Kometa, Orbitum, Comodo, Amigo, Torch and Opera.
With its miner functionality, L0rdix can also hijack the computer's resources for cryptocurrency mining without the owner's consent.
Decision to make
Once a targeted computer is infected, L0rdix collects information about it: operating system version, CPU model, installed antivirus products, device ID and user privileges. It encrypts this data together with a screenshot of the infected desktop and sends it to the command-and-control server. Based on what is sent back, L0rdix receives updated files and settings that decide whether it should mine, steal, or neither.
Along with the functionalities above, the developers gave L0rdix checks that distinguish a virtual environment from a physical machine. When it finds itself in a virtual machine, L0rdix does not run its payload, which defeats automated sandbox analysis with common malware analysis tools. The behaviour can still be studied by running the sample on a bare-metal analysis machine or by patching out the checks, which is straightforward for a .NET binary once it is decompiled.
According to researchers, L0rdix also contains unfinished modules and weak implementation details. This indicates that L0rdix is still under development, and more sophisticated versions are likely to cause trouble in the future.
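To make the virtual-environment check concrete, here is an added example written for this article (not L0rdix's own code, and the indicator lists are assumptions chosen for illustration rather than strings recovered from the sample). It classifies a host from the fields a sample typically inspects: the computer manufacturer and model, the BIOS vendor, and the names of running processes. The `collect_windows_info` helper gathers those fields on a live Windows host with `wmic` and `tasklist`; on other platforms it returns empty values so the classifier can still be exercised with constructed input.

```python
import platform
import subprocess
from typing import Dict, Iterable, List

# Assumed indicator lists for this example. Short needles such as "xen" or
# "kvm" can false-positive on unusual product names; keep that in mind.
VM_VENDOR_STRINGS = ("vmware", "virtualbox", "vbox", "qemu", "kvm", "xen",
                     "hyper-v", "parallels", "innotek")
ANALYSIS_PROCESSES = {"vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe",
                      "vmwaretray.exe", "procmon.exe", "wireshark.exe",
                      "x64dbg.exe", "ollydbg.exe"}


def vm_indicators(manufacturer: str, model: str, bios: str,
                  processes: Iterable[str]) -> List[str]:
    """Return every reason a sample would conclude it runs in a VM/sandbox.
    An empty list means no indicator fired."""
    reasons: List[str] = []
    for label, value in (("manufacturer", manufacturer),
                         ("model", model), ("bios", bios)):
        low = value.lower()
        for needle in VM_VENDOR_STRINGS:
            if needle in low:
                reasons.append(f"{label} contains '{needle}'")
                break
    for proc in processes:
        if proc.lower() in ANALYSIS_PROCESSES:
            reasons.append(f"analysis process {proc} is running")
    return reasons


def looks_like_vm(manufacturer: str, model: str, bios: str,
                  processes: Iterable[str]) -> bool:
    """Boolean form of the check, mirroring a run/don't-run decision."""
    return bool(vm_indicators(manufacturer, model, bios, processes))


def _wmic_list(*args: str) -> Dict[str, str]:
    """Parse 'wmic ... /format:list' output (Key=Value lines) into a dict."""
    out = subprocess.run(["wmic", *args, "/format:list"],
                         capture_output=True, text=True, check=False).stdout
    fields: Dict[str, str] = {}
    for line in out.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields


def collect_windows_info() -> Dict[str, object]:
    """Gather the same fields from a live Windows host (hypothetical helper;
    returns empty fields on any other platform so the classifier still runs)."""
    if platform.system() != "Windows":
        return {"manufacturer": "", "model": "", "bios": "", "processes": []}
    cs = _wmic_list("computersystem", "get", "manufacturer,model")
    bios = _wmic_list("bios", "get", "manufacturer")
    tl = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                        capture_output=True, text=True, check=False).stdout
    procs = [line.split('","')[0].strip('"') for line in tl.splitlines() if line]
    return {"manufacturer": cs.get("manufacturer", ""),
            "model": cs.get("model", ""),
            "bios": bios.get("manufacturer", ""),
            "processes": procs}


if __name__ == "__main__":
    info = collect_windows_info()
    for reason in vm_indicators(info["manufacturer"], info["model"],
                                info["bios"], info["processes"]):
        print("indicator:", reason)
    print("would a VM-aware sample bail out?", looks_like_vm(
        info["manufacturer"], info["model"], info["bios"], info["processes"]))
```

Running this on a sandbox shows exactly which strings would give it away. The practical countermeasures follow directly from the list: change the reported manufacturer and model in the hypervisor configuration, rename or stop the guest tools and analysis utilities before detonation, or locate the equivalent check in the decompiled .NET sample and patch it to always return "physical machine".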
New troubles of the cyber world
While we at Zemana are working to eliminate zero-day threats by building deep learning mechanisms into our products and applying new multi-layered defense systems, it is no surprise that cyber criminals are working to create new types of malware that are harder to detect and cause more damage than before.
Users: Weakest link in the cyber security chain
This is why there is no computer in the world that cannot be hacked. Every day, hackers find new weaknesses to exploit, and many of these weaknesses become exploitable because of careless and negligent users.
Zemana Endpoint Security protects your corporate network with its multi-layered defense while restricting what your users can do. Your IT department can create policies to block applications, malicious websites or other websites that contain certain keywords, and removable devices such as USB drives, Bluetooth devices, CD-ROMs, disk drives and more.
Your business will be more secure once the weakest link in the chain is handled. This is why Zemana Endpoint Security comes in handy for controlling careless and negligent users in your corporate environment.