New malware dropper is a “hornet’s nest” of dangerous software
A new malware dropper, dubbed the Legion Loader, has emerged. Deep Instinct researchers discovered the malware and have since referred to it as a “hornet’s nest” of malware because of its ability to infect computers and install additional malware on them. Although this is common among droppers, which are used frequently in cyber attacks, the Legion Loader contains particularly damaging malware and is designed to install up to three different malware executables.
The malware executables Legion installs, such as Vidar, Predator the Thief, and Raccoon Stealer, are available through black market forums, but experts warn that the malware isn’t the issue: it’s what comes next. Legion uses a PowerShell script to scan the compromised device for evidence of cryptocurrency wallets or credentials, and if either is found, Legion downloads a cryptocurrency-stealing program and a web browser credential stealer to extract victim data.