
LALALA Infostealer

Posted: January 17, 2020

The LALALA Infostealer is a new hacking tool used by an unknown cybercrime group. The threatening program is being distributed via phishing emails that claim to contain an important document attachment. Instead of receiving a legitimate document, users who download the corrupted file may end up infecting their machines with a copy of the LALALA Infostealer. This threat is meant to work silently on the victim's machine, gather data from installed applications, and then transfer it to the attacker's Command and Control server.

The first thing the LALALA Infostealer does after being launched is create a scheduled task that executes a VBS file every minute. The file in question has a randomized name, and it contains code that enables it to receive commands from a remote Command and Control server. The LALALA Infostealer is designed to extract data from Google Chrome, Mozilla Firefox, Microsoft Outlook, Microsoft Edge and Mozilla Thunderbird. All of the information is stored in a folder with a random name in the %TEMP% directory. The extracted data is then compressed using a legitimate copy of WinRAR that was delivered alongside the LALALA Infostealer, and placed in a system directory.
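Defenders can hunt for the persistence described above by checking exported Task Scheduler XML (for example, output of `schtasks /query /xml`) for tasks that run a .vbs file at a very short repetition interval. This is an added example, not code from the original article; the sample tasks, paths and file names are constructed, and the 60-second threshold is an assumption taken from the "every minute" description.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# ISO 8601 durations as written by Task Scheduler, e.g. PT1M, PT30S, PT1H
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")
VBS = re.compile(r"\.vbs\b", re.IGNORECASE)

def interval_seconds(text):
    """Convert a repetition interval to seconds (None if it cannot be parsed)."""
    m = DURATION.match((text or "").strip())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def suspicious_actions(task_xml, max_interval=60):
    """Return the command lines of Exec actions that reference a .vbs file
    in a task that repeats every max_interval seconds or less."""
    root = ET.fromstring(task_xml)
    intervals = [interval_seconds(e.text)
                 for e in root.findall(".//t:Triggers//t:Repetition/t:Interval", NS)]
    if not any(i is not None and i <= max_interval for i in intervals):
        return []
    hits = []
    for exe in root.findall(".//t:Actions/t:Exec", NS):
        cmd = (exe.findtext("t:Command", "", NS) + " " +
               exe.findtext("t:Arguments", "", NS)).strip()
        if VBS.search(cmd):  # matches wscript/cscript arguments or a direct .vbs command
            hits.append(cmd)
    return hits

def _task(interval, command, arguments):
    """Build a minimal task definition (constructed sample data)."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers><TimeTrigger>'
            f'<Repetition><Interval>{interval}</Interval></Repetition>'
            f'</TimeTrigger></Triggers><Actions><Exec><Command>{command}</Command>'
            f'<Arguments>{arguments}</Arguments></Exec></Actions></Task>')

# Constructed samples: a one-minute VBS task, an hourly VBS task, a one-minute EXE task
SAMPLE_HIT = _task("PT1M", "wscript.exe", r"C:\Users\Public\qzkvtr.vbs")
SAMPLE_HOURLY = _task("PT1H", "wscript.exe", r"C:\Scripts\inventory.vbs")
SAMPLE_EXE = _task("PT1M", r"C:\Program Files\Agent\agent.exe", "--heartbeat")

if __name__ == "__main__":
    for name, xml in [("hit", SAMPLE_HIT), ("hourly", SAMPLE_HOURLY), ("exe", SAMPLE_EXE)]:
        print(name, suspicious_actions(xml))
```

A match is a lead for triage, not a verdict: legitimate administrative scripts can also run on short intervals, so review the script's location and contents before acting.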

The LALALA Infostealer Targets Web Browsers and Email Clients

Last but not least, the LALALA Infostealer's collected data is encrypted and transferred to the attacker's server. This threat enables its operators to gather cookies, saved login information, contact lists, auto-fill data, and other details from the applications listed above.

The LALALA Infostealer was detected by just a few anti-virus products when it was first discovered, but it is likely that anti-virus vendors have already updated their databases to identify and eradicate this threat. If you wish to keep your data safe from threats like the LALALA Infostealer, you should keep your computer protected with a trustworthy PC security software suite.
