L0rdix
L0rdix is a hacking platform that can be used to carry out numerous attacks on its victims. L0rdix can be used to launch attacks on computer users running the Windows operating system, including the latest versions of this platform. Malware researchers first received reports of L0rdix in October 2018, but this threat was not reported publicly until November of the same year. L0rdix carries out an attack that combines a malware designed to mine digital currency and another malware designed to collect data from the victim's computer. L0rdix also has advanced features designed to prevent the victims from detecting its presence on a computer. This allows L0rdix to run on infected computers for long periods without being detected by the victim's security software.
Table of Contents
How L0rdix is Distributed
L0rdix can be distributed to the victims in many ways. The most common include the use of corrupted email attachments and email tactics, unsafe online advertisements, and compromising the victim's computer directly by taking advantage of poorly protected remote desktop protocol connections. The best way to prevent L0rdix from being used against you, therefore, is to have strong security measures and a proper security program.
L0rdix’s Modular Framework
Malware researchers have uncovered how L0rdix was developed. L0rdix, in its first version, has five different modules. These modules allow L0rdix to carry out a variety of operations:
- The first module is designed to detect virtual or sandbox environments, obfuscate L0rdix, and prevent others from studying L0rdix's code, copying it or reverse engineer it.
- The second module is designed to collect the contents of the infected device's clipboard.
- The third module can be used to install other software, which is downloaded from a remote server. This allows L0rdix to be used to carry out other attacks.
- The fourth module is used to collect passwords and other data from the Web browsers, such as online banking or email credentials.
- The fifth module, which has caught the attention of PC security researchers, allows L0rdix to infect removable memory devices and other media connected to the infected computer.
How L0rdix Prevents Others from Detecting Its Presence
While L0rdix can be delivered to the victim's computer in a variety of ways, once L0rdix is installed, it carries out a sophisticated attack that follows determined steps. L0rdix will first perform a scan of the infected computer to ensure that it has infected a device and is not being loaded into a virtual environment. Once L0rdix has done this, it gathers information about the infected computer (such as the operating system version, device model, security software installed, etc.) and takes a screenshot of the infected computer's desktop. This information is relayed to the L0rdix's Command and Control server. L0rdix will then download its configuration settings from its server. L0rdix loads a hidden service on the infected computer that hooks to the infected device's clipboard and will monitor the infected computer for potential passwords, searching for credentials related to digital currency wallets especially.
The Dangers Associated with L0rdix
The danger of L0rdix's modular framework is that the criminals can expand it. Using different modules, the criminals can expand L0rdix's capabilities significantly. One aspect of L0rdix that has caught attention is one feature associated with worms, where L0rdix will spread itself by substituting directories and files on any external memory devices it detects with copies of itself. This will allow L0rdix to then spread to other computers where these removable devices are connected. L0rdix's carries out sophisticated attacks that have a great deal of flexibility, making it a particularly troubling development in 2018. Fortunately, computer security researchers have studied L0rdi, and security software is being updated to help deal with this threat.
