L0rdix is a hacking platform that can be used to carry out numerous attacks on its victims. L0rdix can be used to launch attacks on computer users running the Windows operating system, including the latest versions of this platform. Malware researchers first received reports of L0rdix in October 2018, but this threat was not reported publicly until November of the same year. L0rdix carries out an attack that combines malware designed to mine digital currency with malware designed to collect data from the victim's computer. L0rdix also has advanced features designed to prevent victims from detecting its presence on a computer. This allows L0rdix to run on infected computers for long periods without being detected by the victim's security software.
How L0rdix is Distributed
L0rdix can be distributed to victims in many ways. The most common are malicious email attachments and other email-based tactics, unsafe online advertisements, and direct compromise of the victim's computer through poorly protected Remote Desktop Protocol (RDP) connections. The best way to prevent L0rdix from being used against you, therefore, is to have strong security measures and a proper security program.
L0rdix's Modular Framework
Malware researchers have uncovered how L0rdix was developed. L0rdix, in its first version, has five different modules. These modules allow L0rdix to carry out a variety of operations:
- The first module is designed to detect virtual or sandbox environments, obfuscate L0rdix, and prevent others from studying L0rdix's code, copying it or reverse engineering it.
- The second module is designed to collect the contents of the infected device's clipboard.
- The third module can be used to install other software, which is downloaded from a remote server. This allows L0rdix to be used to carry out other attacks.
- The fourth module is used to collect passwords and other data from Web browsers, such as online banking or email credentials.
- The fifth module, which has caught the attention of PC security researchers, allows L0rdix to infect removable memory devices and other media connected to the infected computer.
How L0rdix Prevents Others from Detecting Its Presence
While L0rdix can be delivered to the victim's computer in a variety of ways, once L0rdix is installed, it carries out a sophisticated attack that follows a fixed sequence of steps. L0rdix first scans the infected computer to confirm that it has infected a device and is not being loaded into a virtual environment. Once L0rdix has done this, it gathers information about the infected computer (such as the operating system version, device model, and security software installed) and takes a screenshot of the infected computer's desktop. This information is relayed to L0rdix's Command and Control server. L0rdix then downloads its configuration settings from its server. L0rdix loads a hidden service on the infected computer that hooks into the infected device's clipboard and monitors the infected computer for potential passwords, searching especially for credentials related to digital currency wallets.
The Dangers Associated with L0rdix
The danger of L0rdix's modular framework is that the criminals can expand it. Using different modules, the criminals can expand L0rdix's capabilities significantly. One aspect of L0rdix that has caught attention is a feature associated with worms, where L0rdix spreads itself by substituting directories and files on any external memory devices it detects with copies of itself. This allows L0rdix to then spread to other computers where these removable devices are connected. L0rdix carries out sophisticated attacks that have a great deal of flexibility, making it a particularly troubling development in 2018. Fortunately, computer security researchers have studied L0rdix, and security software is being updated to help deal with this threat.
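A triage check for the removable-media behaviour described above, as an added example that is not code from the original page or from any security vendor: it walks a mounted drive and reports executables that appear several times under different names. It assumes the copies are byte-identical Windows executables beginning with the "MZ" header, which the page does not state; the function names, the min_copies threshold and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # unreadable files on damaged media are skipped
        return False

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_replicated_executables(root, min_copies=3):
    """Group identical PE files under root (assumption: copies are byte-identical)."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_pe(path):
                groups[sha256_of(path)].append(os.path.relpath(path, root))
    # One executable repeated under many names is the pattern worth reviewing.
    return {h: sorted(p) for h, p in groups.items() if len(p) >= min_copies}

def build_sample_drive(root):
    """Constructed sample: three identical harmless stubs plus unrelated files."""
    stub = b"MZ" + b"\x00" * 62  # constructed bytes, not a real program
    for name in ("Photos.exe", "Invoices.exe", os.path.join("docs", "report.exe")):
        path = os.path.join(root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(stub)
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"plain text")
    with open(os.path.join(root, "setup.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x01" * 62)  # a different, single executable

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for digest, paths in find_replicated_executables(drive).items():
            print(digest[:16], paths)
```

A hit is a lead for review, not a verdict: legitimate installers are sometimes duplicated on a drive, so the flagged files should be checked with security software before anything is opened.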