Summary: TEHTRIS reports a resurgence of LegionLoader, a malware downloader, with over 2,000 new samples surfacing. This global campaign has particularly impacted Brazil, employing deceptive techniques to trick users into downloading malicious files via drive-by downloads. The malware employs various evasion tactics to bypass traditional antivirus solutions, utilizing password-protected archives and anti-sandbox mechanisms to thwart detection efforts.
Affected: Global organizations, with Brazil being the most affected country.
Keypoints:
- LegionLoader has been active since at least December 19, 2024, and has grown substantially in recent weeks.
- It primarily spreads through compromised websites and illegal download platforms, luring users into downloading malicious ZIP files.
- The malware's MSI file implements anti-sandbox techniques and is designed to evade detection by traditional antivirus software.
- Upon execution, it extracts multiple files into the %APPDATA% directory, preparing for further stages of infection.
- LegionLoader uses rundll32 to execute a final payload, which is suspected to be a malicious DLL.
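As an added defender-side illustration (not code from the TEHTRIS report or the article summarised above), the following Python scores Windows process-creation events for the chain the keypoints describe: rundll32 loading a DLL from %APPDATA%, with the MSI installer process (msiexec) as parent. The sample events, field names, user name and file paths are constructed for this example.

```python
import re

# Constructed sample process-creation events (not taken from the report):
# a benign rundll32 use, an msiexec-spawned rundll32 loading a DLL from
# %APPDATA%, and a rundll32 loading from %APPDATA% without the MSI parent.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Roaming\update\core.dll,Start"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Users\alice\AppData\Roaming\x.dll",#1'},
]

# %APPDATA% resolves to ...\AppData\Roaming; Local is included for staging dirs.
APPDATA_RE = re.compile(r"\\AppData\\(Roaming|Local)\\", re.IGNORECASE)
# First DLL path on the command line, with or without surrounding quotes.
DLL_ARG_RE = re.compile(r'"?([^"\s]+\.dll)"?', re.IGNORECASE)


def score_event(ev):
    """Return (score, reasons) for one process-creation event."""
    reasons = []
    if not ev["image"].lower().endswith("\\rundll32.exe"):
        return 0, reasons
    m = DLL_ARG_RE.search(ev["cmdline"])
    if m and APPDATA_RE.search(m.group(1)):
        reasons.append("rundll32 loading a DLL from %APPDATA%")
    if ev["parent"].lower().endswith("\\msiexec.exe"):
        reasons.append("parent is msiexec (MSI-delivered stage)")
    return len(reasons), reasons


def detect(events, threshold=1):
    """Return [(index, reasons)] for events scoring at or above threshold."""
    hits = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for idx, why in detect(SAMPLE_EVENTS):
        print(f"event {idx}: " + "; ".join(why))
```

Raise the threshold to 2 to alert only on the full MSI-to-rundll32 chain, or feed real Sysmon/EDR process-creation records mapped onto the same three fields.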
Source: https://securityonline.info/legionloader-malware-downloader-resurfaces-with-2000-new-samples/