
Lecpetex Botnet

By GoldSparrow in Malware

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 2
First Seen: July 9, 2014
Last Seen: December 5, 2020
OS(es) Affected: Windows

The Lecpetex Botnet was an extensive network of over 250,000 infected computers, located primarily in Greece, Poland and Norway. The threat was distributed through Facebook messages and through untrusted content such as torrent downloads. The primary goal of the operators was to turn the compromised machines into Litecoin miners; at the time, Litecoin was the second-largest cryptocurrency after Bitcoin. The Lecpetex Botnet was updated frequently and evaded several anti-virus products. Working together, Facebook and the Greek police disabled the botnet and arrested the people behind the spam campaigns. The threat infected computers easily and produced no visible symptoms other than slightly degraded performance. The best way to make sure your PC is not working for the attackers is to run a capable anti-malware program that blocks the threat before it takes hold.

How Was Lecpetex Spread and How Many Victims Were There?

Lecpetex spread in a chain reaction: every infection led to many more. On an infected machine, the threat read the victim's Facebook session cookies from the browser and used that logged-in session to reach the victim's friend list. It then automatically sent each friend a message carrying a malicious file, most often an archive disguised as a photo. The attachment looked harmless and came with a short, attention-grabbing caption such as "hahaha" or "omg". This is social engineering: the message manipulates the recipient into opening the file. Because each successful infection sent the same bait to all of the new victim's friends, Lecpetex hijacked more than 50,000 Facebook accounts in this way.

The creators modified the malware frequently to stay ahead of anti-virus signatures and of Facebook's own abuse detection. One of Facebook's protections scans files sent through messages, so a file that is sent over and over from many accounts is classified as spam and investigated. The threat first appeared in December 2013, and by June 2014 it had run more than 20 successful spam campaigns.
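The two detection signals described above, the same attachment hash fanning out from one account to many friends in a short window, and the same hash appearing from many different senders, can be checked over a message log. The following is an added example written for this article, not Facebook's code or anything recovered from Lecpetex: the log format, the bait phrases, the thresholds and the sample messages are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed log record; a real messaging backend would have far more fields.
@dataclass(frozen=True)
class Message:
    ts: int            # seconds since epoch
    sender: str
    recipient: str
    text: str
    attachment: str    # file name, "" if none
    sha256: str        # hex digest of the attachment, "" if none

BAIT_PHRASES = {"hahaha", "omg", "lol"}                  # assumption: short captions seen in the campaigns
ARCHIVE_EXTENSIONS = (".zip", ".rar", ".7z")
IMAGE_HINTS = (".jpg", ".jpeg", ".png", "img_", "photo")

def looks_like_bait(msg: Message) -> bool:
    """An attachment with a near-empty caption, or an archive dressed up as a photo."""
    if not msg.attachment:
        return False
    words = msg.text.lower().split()
    short_bait = len(words) <= 3 and any(w in BAIT_PHRASES for w in words)
    name = msg.attachment.lower()
    disguised = name.endswith(ARCHIVE_EXTENSIONS) and any(h in name for h in IMAGE_HINTS)
    return short_bait or disguised

def fanout_in_window(events, window: int) -> int:
    """Largest number of distinct recipients reached with one file inside any time window."""
    events = sorted(events)          # (ts, recipient)
    best, j = 0, 0
    for i in range(len(events)):
        while j < len(events) and events[j][0] - events[i][0] <= window:
            j += 1
        best = max(best, len({r for _, r in events[i:j]}))
    return best

def analyze(messages, fanout_threshold=10, spread_threshold=3, window=600):
    """Flag senders that blast one file to many friends, and files seen from many senders."""
    per_sender_file = defaultdict(list)   # (sender, sha256) -> [(ts, recipient)]
    senders_per_file = defaultdict(set)   # sha256 -> {sender}
    bait_count = 0
    for m in messages:
        if not looks_like_bait(m):
            continue
        bait_count += 1
        per_sender_file[(m.sender, m.sha256)].append((m.ts, m.recipient))
        senders_per_file[m.sha256].add(m.sender)
    hijacked = {s for (s, _), ev in per_sender_file.items()
                if fanout_in_window(ev, window) >= fanout_threshold}
    campaigns = {h for h, s in senders_per_file.items() if len(s) >= spread_threshold}
    return {"bait_messages": bait_count,
            "hijacked_senders": hijacked,
            "campaign_hashes": campaigns}

# --- constructed sample log ---------------------------------------------------
H1, H2, H3 = "a1" * 32, "b2" * 32, "c3" * 32   # fake digests, not real samples

def burst(sender, ts0, n, digest, text="hahaha", attachment="IMG_0042.jpg.zip"):
    return [Message(ts0 + i, sender, f"{sender}_friend{i:02d}", text, attachment, digest)
            for i in range(n)]

SAMPLE_LOG = (
    burst("alice", 1000, 12, H1)                          # one account, 12 friends, 12 seconds
    + burst("bob", 2000, 4, H1)                           # same file, fewer friends
    + burst("carol", 3000, 4, H1)                         # third sender of the same file
    + burst("eve", 4000, 2, H2, text="omg", attachment="omg.zip")
    + [Message(5000, "dave", "dave_friend00",
               "Here are the photos from our trip last week", "trip.zip", H3)]
)

if __name__ == "__main__":
    for k, v in analyze(SAMPLE_LOG).items():
        print(k, v)
```

With the sample log, only "alice" crosses the fan-out threshold, while the file H1 is flagged as a campaign because three different accounts sent it; "dave"'s archive with a normal caption is ignored. The two signals are deliberately independent: a freshly compromised account may not yet have blasted its whole friend list, but the file it sends has already been seen elsewhere.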

What Happens After Opening the Malicious File?

According to the researchers, opening the attachment caused additional software to be downloaded. One component was DarkComet, a well-known remote access trojan with keylogging and credential-stealing features. Running it on your PC could have disastrous consequences, because any credentials typed on the machine, including online banking logins, could end up in the hands of third parties. The majority of infected computers, however, were used to run a Litecoin mining program. Cryptocurrencies such as Litecoin and Bitcoin are "mined" into existence: a computer repeatedly hashes candidate blocks until it finds one that meets the network's difficulty target, and the miner is rewarded with coins for each block found. Put simply, the crooks behind the Lecpetex Botnet used the victims' electricity and CPU time to earn money for themselves. In addition, the operators passed their proceeds through cryptocurrency "mixing" services, which makes following the money very hard. The payloads downloaded after the initial compromise were hosted on popular services such as Dropbox. Unfortunately, at the time it was not possible to identify who had uploaded the files.

How to Know if Your Computer is Part of the Lecpetex Botnet?

In most cases, people whose computers were part of the Lecpetex Botnet had few complaints. This is not surprising, because both DarkComet and the Litecoin miner are designed to avoid suspicion so that they can keep running undisturbed. Usually the only symptom was reduced performance, since the miner consumes CPU time continuously. Unfortunately, this sign was not obvious enough for most people, and they did not run a capable threat removal program to scan the system.
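The reduced performance mentioned above is the one host-side symptom, and a miner that has been dropped by malware tends to show a few other traits at the same time: sustained CPU load, a command line in the style of a pool miner, a binary running from a user-writable directory, and an outbound connection to a pool port. The following triage script is an added example for this article, not a tool associated with Lecpetex or with any vendor; the process snapshot is constructed, and the pool ports, argument strings and scoring weights are assumptions a defender would tune for their own environment.

```python
import statistics
from dataclasses import dataclass

POOL_PORTS = {3333, 3334, 4444, 5555}      # assumption: ports often used by mining pools
MINER_ARGS = ("stratum+tcp://", "stratum+ssl://", "-a scrypt", "--algo", "--userpass")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

@dataclass
class Proc:
    pid: int
    name: str
    path: str
    cmdline: str
    cpu_samples: list      # percent CPU sampled over time (constructed)
    connections: list      # (remote_ip, remote_port) pairs (constructed)

def score_process(p: Proc):
    """Return (score, reasons) for one process; higher means more miner-like."""
    reasons = []
    path, cmd = p.path.lower(), p.cmdline.lower()
    # Median rather than mean, so one short spike (a browser rendering a page) does not count.
    if p.cpu_samples and statistics.median(p.cpu_samples) >= 70:
        reasons.append(("sustained high CPU", 2))
    if any(a in cmd for a in MINER_ARGS):
        reasons.append(("miner-style command line", 3))
    if any(d in path for d in USER_WRITABLE):
        reasons.append(("runs from user-writable directory", 1))
    if any(port in POOL_PORTS for _, port in p.connections):
        reasons.append(("connection to a typical pool port", 1))
    # A system binary name running from anywhere but System32 is a classic masquerade.
    if p.name.lower() == "svchost.exe" and not path.startswith("c:\\windows\\system32\\"):
        reasons.append(("system binary name from wrong path", 2))
    return sum(w for _, w in reasons), [r for r, _ in reasons]

def triage(procs, threshold=4):
    """Processes scoring at or above the threshold, most suspicious first."""
    scored = [(p.pid, *score_process(p)) for p in procs]
    return sorted([s for s in scored if s[1] >= threshold], key=lambda s: -s[1])

# --- constructed process snapshot ---------------------------------------------
SNAPSHOT = [
    Proc(1234, "svchost.exe", r"C:\Users\u\AppData\Roaming\svchost.exe",
         "svchost.exe -a scrypt -o stratum+tcp://pool.example:3333 -u w -p x",
         [92, 95, 90, 97], [("203.0.113.5", 3333)]),
    Proc(4321, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
         "chrome.exe", [85, 20, 15, 10], [("198.51.100.9", 443)]),
    Proc(777, "svchost.exe", r"C:\Windows\System32\svchost.exe",
         "svchost.exe -k netsvcs", [3, 2, 4, 3], []),
    Proc(888, "updater.exe", r"C:\Users\u\AppData\Local\Temp\updater.exe",
         "updater.exe", [80, 85, 88, 90], [("198.51.100.7", 443)]),
]

if __name__ == "__main__":
    for pid, score, reasons in triage(SNAPSHOT):
        print(pid, score, ", ".join(reasons))
```

On the sample snapshot only PID 1234 is reported: it matches every heuristic. The busy "updater.exe" in Temp scores 3 and stays below the threshold, which is the intended trade-off; a single weak signal such as high CPU from a user-writable path is worth a look but not an alert on its own. In practice the snapshot would be filled from the operating system (for example a process list plus active TCP connections) rather than constructed.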

The Lecpetex Botnet was sophisticated enough that Facebook's security team alone could not stop its spread and asked the Greek police for help. While the authorities were working to take the network down, the culprits taunted them with messages left on several Command and Control servers. Eventually, the two Greek hackers responsible were arrested and now face charges.

How not to Become a Part of the Lecpetex Botnet?

Lecpetex is proof that when criminals invest enough effort in their malware, they can evade detection by traditional anti-virus programs. A practical defense is a dedicated anti-malware program that concentrates on eradicating this class of threat. It is common sense not to open suspicious attachments or messages. However, even experienced Internet users can be fooled by aggressive social engineering, such as a message from a friend with a seemingly innocent picture attached. In such cases, a good security program may be the only difference between a safe computer and a remotely controlled source of income for third parties.
