
L0rdix

Posted: November 30, 2018

L0rdix is a multi-purpose Trojan that uses modules for conducting configurable attacks, including 'mining' cryptocurrency on the PC or collecting information. This threat also supports significant self-distributing features, and users should take special care to avoid compromising any removable drives or network shares by accessing them from an infected system. Use updated anti-malware solutions to delete L0rdix safely, and isolate the PC from other devices until its disinfected status is verifiable.

The One-Stop Shop for All Your Hacking Needs

Threat actors are selling a Trojan package that, far from being a focused specialist, provides a variety of services with different criminal intentions in mind, and may support even more capabilities than its present arsenal in the future. L0rdix, similarly to threats like SmokeLoader or Swort, is most suited to mining cryptocurrency at the expense of the victim's hardware or collecting information, but, in theory, could be put to other purposes. While it's not feature-complete, samples available to malware experts suggest that L0rdix's authors will continue updating it over the coming months.

L0rdix is a Windows-based Trojan that replaces all removable drive icons with custom imitations, which let it compromise other machines when users double-click them. This worm-like feature could let L0rdix spread rapidly throughout networks and among PCs that share portable storage such as USB drives. Malware experts also find that L0rdix checks prerequisites before installing and running, such as confirming that it isn't in a sandbox-based environment, along with other details that suggest the Trojan is evading cyber-security analysis tools.

Like most Trojans without a singular, distinct purpose, L0rdix is modular and compartmentalizes its additional attacks into separate downloadable modules. For now, malware experts have determined that L0rdix is capable of collecting information, such as Web-browsing credentials or temporary 'cookie' files, and of providing criminals with backdoor Command & Control access, most likely for botnet purposes. Although L0rdix also appears purpose-built for mining cryptocurrency on the infected system's hardware, this functionality is incomplete and non-working as of late November.

Retaining Lordship over Your Network

Windows PCs with L0rdix infections should have all removable drives isolated and network connections disabled immediately, as insurance against its spreading to other systems or receiving Command & Control directives. Although cryptocurrency mining can, in some configurations, cause performance issues or noticeable resource consumption, threat actors may configure L0rdix to emphasize its stealth-related features and avoid drawing any attention to their attacks. Additionally, L0rdix is capable of uploading or downloading new files, terminating programs automatically, and executing a variety of Command Prompt-based commands.

Although a single victim may spread L0rdix to other devices nearby, malware researchers haven't come across evidence of how the initial payload first gains access to the primary PC. Criminals may brute-force server logins opportunistically, send targeted spam e-mails to employees, or circulate it randomly via torrents and file-sharing sites. Proactive anti-malware software for blocking and deleting L0rdix at will is your PC's best protection.

Even with all that it's capable of right now, L0rdix is an unfinished product. With further development of modular attacks and defenses like encryption, L0rdix campaigns may become even more problematic for its victims throughout 2019.
