Legion Loader

The Legion malware is classified as a loader, and it is a very harmful and potent threat reportedly. The operators of the Legion loader use this threat to plant additional malware on compromised machines. Most threats of this type are used to plant one additional strain of malware, while the Legion loader appears to deliver either two or three separate corrupted executable files to the infected hosts. After analyzing the activity of the Legion loader, cybersecurity researchers have noticed that its operators tend to plant threats that are available for purchase on underground hacking forums. Some examples would be the Raccoon Stealer, Predator the Thief and Vidar. It appears that the authors of the Legion loader are experienced and well-versed in the ins and outs of cybercrime.

Capabilities

As soon as the Legion loader infiltrates a system, it establishes a connection with its operators’ C&C (Command & Control) server and fetches its corrupted files. Next, the Legion loader will make sure to scan the compromised system for the presence of any cryptocurrency wallet details, or information regarding cryptocurrency-related credentials that may be stored on the computer. This is done using an obfuscated PowerShell script. In case that the scan returns positive results, the Legion loader will continue the attack by planting a threat that is meant to collect cryptocurrency-related data. It also will download a stealer that is meant to collect Web browser data, mainly targeting any cryptocurrency websites login credentials that may be saved. Lastly, the Legion loader will plant an RDP backdoor on the system. The RDP backdoor would mask itself as a harmless system service to avoid detection.

Users who mine or trade cryptocurrency need to extremely careful when it comes to cybersecurity. With the boom in popularity of cryptocurrencies, more and more cyber crooks are looking for ways to exploit it. Make sure you update all the software that is present on your system regularly. Furthermore, make sure you download and install a legitimate anti-malware solution that will keep nasty threats at bay and ensure your security online.