LODEINFO

By GoldSparrow in Malware

Translate To:

The LODEINFO malware is a new threat that was spotted in a campaign targeting Japanese companies recently. The targets would receive a well-crafted phishing email, which is how the LODEINFO threat is being distributed. The emails in question would vary topic-wise. However, all of the emails that were used for the propagation of the LODEINFO threat contained a corrupted document attachment. The recipient would be asked to review the seemingly harmless document. However, upon launching it, the hidden macro-scripts within it would be executed, and the LODEINFO malware would compromise the user’s system.

The LODEINFO threat appears to operate as a regular backdoor Trojan. Once the LODEINFO malware is installed on the targeted host successfully, it will gain persistence by tampering with the Windows Registry service. The LODEINFO Trojan also would establish a connection with its operators’ C&C (Command & Control) server. Next, the LODEINFO threat would provide the attackers with information regarding the default language, as well as the host's hardware and software. After completing this, the LODEINFO Trojan would wait for more commands from its operators. The LODEINFO malware is capable of:

Downloading files from the host.
Uploading files from the C&C server.
Planting additional malware on the host.
Executing remote commands.
Managing active processes.
Running executable files.

Despite the fact that the LODEINFO threat is not very feature-rich, it is a high-end threat that appears to be the product of a threat actor that is highly experienced in the field of cybercrime.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

LODEINFO

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen