Security experts are warning about malware that allows attackers to gain remote access to Windows PCs. We show you how to protect yourself.
The security experts from “Bleeping Computer” are warning Windows users about a new malware called “Lobshot.” Previously, it was thought that the software only collected information about crypto wallets, but it has now been revealed that attackers can also gain remote access to systems through hVNC. This is a tactic that is apparently becoming increasingly popular among cybercriminals. To lure their victims into the trap, the attackers hide downloads for the malicious software in Google search ads. Ads for frequently used software such as CCleaner, VLC or 7-Zip are particularly affected.
What’s new here is the mentioned Lobshot malware, which is hidden behind alleged downloads for the popular application AnyDesk. If the software is downloaded through the fake link, a loader is installed through the MSI file.
The loader then places a PowerShell script on the computer, which in turn installs the Lobshot malware. Lobshot disables Windows Defender if it is currently active. Afterwards, the malware adds itself to the Windows autostart so that it runs automatically after the next restart.
This allows data about crypto wallets and installed software to be forwarded to the criminals. Even more dangerous, the attacker can gain access to the system through an hVNC (hidden VNC) module and control it through a hidden desktop.
Important for users: If you want to download a particular software, it’s best to use the official offerings from the respective manufacturer. You should be skeptical of Google search results marked as advertisements.
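The article describes two changes the malware makes to a system: it switches off Windows Defender and it registers itself in the autostart. The following PowerShell script is an added example, not taken from the original report, that checks both. The helper name `Get-AutostartTarget` and the list of user-writable folders are assumptions made for illustration; the script contains no Lobshot-specific indicators.

```powershell
# Added example: generic triage for "Defender disabled" and "new autostart entry".

# 1. Is Microsoft Defender still active with real-time protection?
$mp = Get-MpComputerStatus
$mp | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, IsTamperProtected | Format-List
if (-not ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)) {
    Write-Warning 'Defender protection is off. Confirm that you or another AV product disabled it.'
}

# 2. Hypothetical helper: resolve the executable behind an autostart command line.
function Get-AutostartTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|ps1|vbs|js|lnk))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]                           # fallback: first token
}

# Assumption: binaries started from user-writable folders deserve a closer look.
$userWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC)

# 3. Enumerate Run keys and Startup folders (scheduled tasks and services are not covered).
$entries = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $target = Get-AutostartTarget $_.Command
    $sig = if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
        (Get-AuthenticodeSignature -LiteralPath $target).Status
    } else { 'NotResolved' }
    [pscustomobject]@{
        Name         = $_.Name
        Location     = $_.Location
        User         = $_.User
        Command      = $_.Command   # keep the full line: arguments matter for rundll32, powershell, etc.
        Signature    = $sig
        UserWritable = [bool]($userWritable | Where-Object { $_ -and $target -like "$_\*" })
    }
}

# 4. Show entries that are unsigned, unresolved, or start from a user-writable folder.
$review = @($entries | Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritable })
if ($review.Count -gt 0) {
    Write-Warning "$($review.Count) autostart entries need a manual look:"
    $review | Sort-Object UserWritable, Signature -Descending |
        Format-Table Name, Signature, UserWritable, Location, Command -Wrap
} else {
    'All autostart entries are signed and start from protected folders.'
}
```

Legitimate per-user applications also start from user-writable folders, so a listed entry is a prompt to check when it appeared and where the file came from, not proof of infection.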