LODEINFO
LODEINFO is a newly observed malware implant that was first identified when it targeted Japanese organizations via cleverly crafted phishing emails. The malicious emails used a wide range of subjects, but they always had one thing in common: they asked the recipient to download and review a DOC attachment that contained a malicious macro script. If a user reviewing the DOC file allowed the hidden macro to execute, it would unleash the LODEINFO malware on the system.
In terms of capabilities, this implant works as a backdoor Trojan. As soon as LODEINFO is installed and activated, it gains persistence by modifying the Windows Registry. It then contacts a remote Command and Control server, sending general information about the infected system's hardware and software as well as the default system language. Finally, LODEINFO waits for commands issued by the control server.
LODEINFO is able to run executables and remote commands, upload and download files, and manage running processes. While its feature set is rather limited, it is more than enough to let the malware's operator deploy additional threats and cause further damage.
Judging by the carefully targeted attack and the high quality of the malware implant, it is safe to assume that LODEINFO is likely the product of an Advanced Persistent Threat (APT) actor with an interest in specific Japanese organizations and institutions.