lordix malware

L0rdix becomes a powerful multi-purpose attack tool for Windows hacking

A new hacking tool, called L0rdix, has been deemed the latest “universal offering” for attackers targeting Microsoft Windows PCs. The new tool combines data theft and cryptocurrency mining and can avoid malware analysis tools.

In a blog post, enSilo researcher Ben Hunter said the tool is relatively new and is available for purchase. There are, however, indicators that L0rdix is still undergoing development despite an array of different functions already implemented within the malware.

It makes a “decision”

Once a machine is infected, the malware pulls information including OS version, device ID, CPU model, installed antivirus products and current user privileges. The malware’s files and configuration settings are then updated based on this information, and it is at this point where L0rdix ‘decides’ whether or not cryptocurrency mining and data theft are appropriate.

How does it spread?

L0rdix also infects removable drives on the PC and maps itself to their icons while the original drive files and directories stay hidden. This is done to ensure that the malware gets executed when the user double-clicks it on any other machine. The malware also copies itself to different areas, such as the scheduled tasks, to maintain persistence. It can act as a botnet by enslaving the targeted PC and using it for domain flooding in DDoS attacks.
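A triage check for the removable-drive pattern described above, added here as an example and not code from the enSilo write-up or the malware itself. It assumes the worm's visible copy carries the name of the folder or file it hid (that "hidden original plus same-named executable" pairing is the signal); `Entry`, `find_lure_executables` and `scan_drive_root` are names chosen for this example.

```python
import os
import stat
from dataclasses import dataclass

# Extensions a lure copy on a USB root would typically carry (assumption).
LURE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".lnk"}


@dataclass(frozen=True)
class Entry:
    name: str      # file or directory name as listed on the drive root
    is_dir: bool
    hidden: bool   # Windows "hidden" attribute (dot-prefix on other OSes)


def find_lure_executables(entries):
    """Return visible executables whose stem matches a hidden sibling."""
    hidden_stems = {os.path.splitext(e.name)[0].lower()
                    for e in entries if e.hidden}
    suspects = []
    for e in entries:
        if e.is_dir or e.hidden:
            continue
        stem, ext = os.path.splitext(e.name)
        if ext.lower() in LURE_EXTENSIONS and stem.lower() in hidden_stems:
            suspects.append(e.name)
    return sorted(suspects)


def _is_hidden(dir_entry):
    """Hidden attribute on Windows; dot-prefix convention elsewhere."""
    try:
        attrs = dir_entry.stat(follow_symlinks=False).st_file_attributes
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    except AttributeError:          # st_file_attributes is Windows-only
        return dir_entry.name.startswith(".")


def scan_drive_root(path):
    """Apply the same check to a real drive root, e.g. scan_drive_root('E:\\\\')."""
    entries = [Entry(d.name, d.is_dir(follow_symlinks=False), _is_hidden(d))
               for d in os.scandir(path)]
    return find_lure_executables(entries)


# Constructed sample listing of an infected drive root (not real data):
# two user items were hidden and shadowed by same-named .exe lures.
SAMPLE_ROOT = [
    Entry("Photos", is_dir=True, hidden=True),
    Entry("Photos.exe", is_dir=False, hidden=False),
    Entry("report.docx", is_dir=False, hidden=True),
    Entry("report.exe", is_dir=False, hidden=False),
    Entry("notes.txt", is_dir=False, hidden=False),  # untouched file
    Entry("setup.exe", is_dir=False, hidden=False),  # no hidden twin: benign
]

if __name__ == "__main__":
    print("suspect lures:", find_lure_executables(SAMPLE_ROOT))
```

Any hit warrants quarantining the drive and checking the host's scheduled tasks, the other persistence location the write-up names.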

What can you do about it?

Every day, hackers find new weaknesses to exploit, and most of these weaknesses become exploitable because of careless and negligent users.

No protection is absolute, but a combination of personal awareness and well-designed protective antivirus tools will make your computer as safe as it can be.

