Experts from Trend Micro analyzed a new SolidBit ransomware variant that targets gamers and social media users. According to the report, the malware was uploaded to GitHub disguised as different applications, such as a League of Legends account checker tool and an Instagram follower bot, to lure victims.
SolidBit Ransomware Masquerading As Different Applications
This new version of SolidBit ransomware is a .NET compiled binary. It is believed to resemble LockBit ransomware, as the two share similarities in the formatting of their chat support sites and in the file names of their ransom notes.
The researchers explain that the League of Legends account checker on GitHub is packaged with a file and instructions on how to use the tool, but has no GUI (graphical user interface).
“When an unsuspecting victim runs the application, it automatically executes malicious PowerShell codes that drop the ransomware. Another file that comes with the ransomware is named ‘Source code,’ but this seems to be different from the compiled binary,” said Trend Micro researchers.
Additionally, experts noticed an executable file named Rust LoL Accounts Checker.exe protected by Safengine Shielden, which obfuscates samples and applications to make reverse engineering and analysis harder. On execution of the file, an error window appears stating that debugging tools have been detected.
When this executable file is run, it drops and executes Lol Checker x64.exe, which runs the malicious PowerShell code that drops and executes the SolidBit ransomware. This file also disables Windows Defender's scheduled scans using a PowerShell command. Finally, it drops and executes the file Runtime64.exe, which is the SolidBit ransomware itself.
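The execution chain described above (a downloaded "checker" executable that spawns PowerShell, PowerShell tampering with Defender's scheduled scans, then a new binary launched from a user-writable directory) is exactly the kind of parent/child pattern an endpoint detection rule can key on. The following is an added example, not code from Trend Micro or from the report: it runs a small detector over constructed Sysmon-style process-creation records. The JSON field names, PIDs, file paths and command lines are assumptions made up for the illustration; only the executable names come from the article.

```python
import json
import re

# Constructed Sysmon-style process-creation records (JSON lines). PIDs, paths
# and command lines are assumptions made up for this example; the executable
# names are the ones named in the Trend Micro report.
SAMPLE_LOG = r"""
{"pid": 1000, "ppid": 500, "image": "C:\\Users\\alice\\Downloads\\Rust LoL Accounts Checker.exe", "cmdline": "\"Rust LoL Accounts Checker.exe\""}
{"pid": 1010, "ppid": 1000, "image": "C:\\Users\\alice\\Downloads\\Lol Checker x64.exe", "cmdline": "\"Lol Checker x64.exe\""}
{"pid": 1020, "ppid": 1010, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -Command \"Set-MpPreference -DisableCatchupQuickScan $true; schtasks /Change /TN '\\Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan' /Disable\""}
{"pid": 1030, "ppid": 1020, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\Runtime64.exe", "cmdline": "Runtime64.exe"}
{"pid": 2000, "ppid": 600, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -Command Get-MpPreference"}
"""

# Directories a downloaded "tool" is typically run from (assumed list).
USER_WRITABLE = re.compile(r"\\(Downloads|Temp|AppData\\Local\\Temp)\\", re.IGNORECASE)

# Command-line patterns that indicate tampering with Defender's scheduled scanning.
TAMPER_PATTERNS = [
    ("Set-MpPreference used to disable a Defender feature",
     re.compile(r"Set-MpPreference\b.*-Disable\w+", re.IGNORECASE)),
    ("schtasks used to disable a Windows Defender scheduled task",
     re.compile(r"schtasks(\.exe)?\b.*?/Change\b.*Windows Defender.*?/Disable\b", re.IGNORECASE)),
]


def parse_events(log_text):
    """Parse JSON-lines process-creation records, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def basename(path):
    """Return the file name part of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def is_powershell(image):
    return basename(image).lower() in ("powershell.exe", "pwsh.exe")


def process_chain(pid, by_pid):
    """Walk parent links back to the earliest recorded ancestor; return image names root..pid."""
    names, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        names.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return list(reversed(names))


def finding(event, by_pid, rule):
    return {"pid": event["pid"], "rule": rule, "chain": process_chain(event["pid"], by_pid)}


def detect(events):
    """Flag the drop -> PowerShell -> Defender tampering -> dropped binary chain."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if is_powershell(e["image"]):
            # Rule 1: PowerShell started by something living in Downloads/Temp.
            if parent and USER_WRITABLE.search(parent["image"]):
                findings.append(finding(e, by_pid, "PowerShell spawned by an executable in a user-writable directory"))
            # Rule 2: the PowerShell command line tampers with Defender scanning.
            for label, pattern in TAMPER_PATTERNS:
                if pattern.search(e["cmdline"]):
                    findings.append(finding(e, by_pid, label))
        elif parent and is_powershell(parent["image"]) and USER_WRITABLE.search(e["image"]):
            # Rule 3: PowerShell launched a freshly dropped binary.
            findings.append(finding(e, by_pid, "PowerShell launched a binary from a user-writable directory"))
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOG)):
        print(f["pid"], f["rule"], " -> ".join(f["chain"]))
```

The benign record (an interactive `Get-MpPreference` query) produces no finding, while the staged chain yields three hits on the PowerShell process and one on Runtime64.exe, each carrying the reconstructed ancestry so an analyst can see the full checker-to-ransomware path in one line.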
Analysis says SolidBit ransomware targets social media users and is used for ransomware-as-a-service (RaaS) activities. To mitigate the risk, organizations can implement Trend Micro Vision One, which has multilayered protection and behavior detection capabilities. Trend Micro Apex One also provides next-level automated threat detection and response to protect endpoints against advanced issues, such as fileless threats and ransomware.