The main function of OceanLotus, a threat that security analysts noticed recently, is to deliver a payload. OceanLotus pretends to be a genuine scanner file from McAfee and spreads in a bundle that holds the encrypted payloads and their associated files. To embed its data in other data, OceanLotus uses a method called steganography, which is very effective. OceanLotus disguises its payload as normal files and legitimate applications, and the file names are highly convincing.
To detect and eliminate security applications on the affected machine that could prevent the intrusion, OceanLotus launches a security bypass module. It then introduces an adapted version of the Remy backdoor, which lets the controllers of the OceanLotus threat take control of the machine and perform their harmful tasks.
Different campaigns deliver OceanLotus, and its actions depend on the tactics of the campaign attacking the machine. The main actions OceanLotus performs include identifying the infected machine, collecting data, and changing the boot menu options and the Windows Registry, among much more. To eliminate this pest from an infected machine, you should use a trusted malware scanner, which will identify and remove OceanLotus as well as any other threats it has installed.