The pretend web site may be a duplicate of the pcgameboost.Com web site that provides a legitimate package program stated as good Game Booster. The pretend version of the web site is identical besides the truth that the download link installs a Trojan rather than the meant package.

A fairly new Trojan but has been seen in numerous campaigns targeting gamers. it’s precise therein it doesn’t install any patience mechanisms, therefore, it simplest runs as presently as and so remove itself. Running the Trojan permits it to steal saved login credentials within the browser, browser profiles, cryptocurrency wallets, statistics from VPN purchasers, FTP programs, text documents, pc documents, and massage sessions. It also can take a screenshot of the spirited pc on the time of execution. This record is then despatched to the attacker’s C2 server, which will then later be wont to perform many attacks.

How will it work

The Loki++ Trojan Trojan may be a passing new malware this can be being bought on underground hacker and crook forums.

While this specific sample consists of strings working out it as “Loki++ thief two.zero Coded By Loki”, protection scientist Vitali Kremez hep Bleeping pc that that’s a “modified/altered Baldr/Arkei stealer”.

Unlike different malware, Loki++ will not have any patience, due to this it’ll handiest run once and so do away with itself.

At the point when run, however, it’ll attempt to take spared login accreditations inside the program, program profiles, digital money wallets, records from VPN buyers, FTP programs, content reports, pc archives, and massage sessions. also, the Trojan can create a screen capture of the enthusiastic pc though dead.

READ  GermanWiper

This information is then uploaded to the attacker’s command and manipulate server, wherever it may well be retrieved later.

As the contamination is dead best as presently as, doesn’t show associate started to screen and deletes itself when, sufferers would assume there’s a haul with this method as nothing may well be shown on the screen. The attackers, though, would possibly currently have access to their keep login credentials and different records and can use it for quite a few attacks.

Therefore, it’s essential for users to research an online page that you download files from before doing, therefore. If the web site incorporates an excellent name, is related to the program in some manner, then it’s miles possibly safe to download.

If there could also be very little or no records a couple of web site, though, it should be avoided.

Recommendations

  • Ensure the anti-virus package and associated files square measure the maximum amount as the date.
  • Search for existing signs and symptoms of the indicated IOCs to your setting.
  • Block all addresses and IP primarily based completely IoCs at the firewall, IDS, internet gateways, routers or different perimeter-based devices.
  • Keep packages and running systems going for walks on the present discharged patch level.

 Summary

NameFake Game Booster Virus
ThreatTrojan, Password Stealing Virus, Banking Malware, Spyware
Detection Names (gamebooster.exe)Avast, BitDefender, ESET-NOD32, Kaspersky, Full List (Virus Total)
Malicious Process NameGamebooster.exe
PayloadBaldr
SymptomsTrojans are designed to stealthily infiltrate the victim’s computer and remain silent thus no particular symptoms are clearly visible on an infected machine.
Distribution MethodsInfected email attachments, malicious online advertisements, Social engineering, software cracks.
DamageStolen banking information, passwords. identity theft, the victim’s computer added to a botnet.
RemovalTo eliminate the Fake Game Booster virus our malware researchers recommend scanning your computer with Spyhunter.
READ  LookBack Malware