Legion Loader

Posted: December 20, 2019

Legion Loader is the name assigned to a newly discovered piece of threatening software that is capable of dropping malware onto a targeted system. Amusingly nicknamed ‘a hornet’s nest,’ Legion Loader is a dropper capable of planting a group of harmful tools in a single run. While most of those tools are low-level threats such as Raccoon, Vidar and Predator the Thief, researchers have also observed cases of cryptocurrency theft, RDP exploitation and data exfiltration, to name but a few.

Legion Loader Modus Operandi

To download additional malware onto the affected PC, Legion Loader first has to fetch it from a remote C&C server. Which malware it retrieves from the C&C server depends on whether or not a cryptocurrency wallet is present on the machine. Should Legion Loader come across one while scanning the victim’s computer, it will not only pull down a coin stealer to empty the wallet but also deploy a tool to extract any login credentials for cryptocurrency sites it can find. Finally, Legion Loader plants an RDP backdoor disguised as a regular system service to keep track of future activity on the machine.

How to Avoid a Legion Loader Infection

The best way to avoid a Legion Loader infection is to follow best digital safety practices, including but not limited to regular data backups, frequent password changes, up-to-date software, VPN use, and any other measure that raises the security level of your accounts, networks and devices.