LALALA Infostealer
Malware researchers have uncovered a brand-new infostealer pestering users online. This threat is dubbed the LALALA Infostealer, and it is not known who are the developers behind it. The goal of the LALALA Infostealer is to sneak into their target’s system silently, collect information, and then exfiltrate the gathered data to the attackers’ C&C (Command & Control) server.
Gathers, Compresses and Transfers Data to the Attackers’ C&C
It appears that the authors of the LALALA Infostealer are using spam email campaigns to propagate this threat. Usually, this includes a fake message and a macro-laced attachment. Users who fall for this trick and launch the attached file would allow the threat to compromise their system. Upon infecting a targeted PC, the LALALA Infostealer will make sure that a VBS file is executed every minute. The VBS file’s purpose is to receive commands from the LALALA Infostealer’s authors’ C&C server. This infostealer is capable of collecting information from several popular services – Mozilla Firefox, Mozilla Thunderbird, Google Chrome, Microsoft Edge, and Microsoft Outlook.
The data that the LALALA Infostealer collects is then placed in a folder that is located in the user’s %TEMP% directory. Apart from planting the LALALA Infostealer on the target’s system, the attackers also inject a genuine copy of the WinRAR application into the compromised host. This allows them to compress the gathered information and move it to a system directory. Then, the collected information is encrypted and exfiltrated to the attackers’ C&C server. The LALALA Infostealer is designed to collect saved login credentials, contact lists, cookies, any saved auto-fill data, and other important information.
At first, a large number of anti-malware applications were incapable of detecting the LALALA Infostealer, which makes it rather dangerous. Fortunately, it is likely that the developers of these tools have already updated their databases to include the LALALA Infostealer. Make sure you have a reputable anti-malware solution that will keep your data secure. Furthermore, do not forget to update all your software regularly.
