
The Revived Malware Dubbed Legion Loader, Causing Stir in 2022.

Report reveals Q1 2025 witnessed the re-emergence of Legion Loader, a malicious remote access Trojan

The report by Gen indicates that the initial quarter of 2025 witnessed the comeback of Legion Loader, a Trojan that enables remote access.


Cybersecurity firm Gen has issued a threat report for Q1 2025, revealing the resurgence of the malware known as Legion Loader. First sighted in 2022, the malware saw a significant decline before its recent reactivation.

The report emphasizes the rise of the remote access Trojan Wincir, also known as Legion Loader, which capitalizes on the increase in scams that trick victims into installing updates on their devices, providing entry for malware. This tactic has increased global risk indices by a staggering 1,711%, according to the report.

The report also highlights that popular browsers such as Chrome are mimicked in phishing attempts, which raises Legion Loader's effectiveness. Among the countries most affected by this type of scam are Germany, Belgium, Spain, Italy, New Zealand, the Netherlands, Poland, the United Kingdom, and Switzerland.

Legion Loader operates through third-party websites that pose as legitimate portals for updating applications or services. The download does not run automatically; instead, a series of instructions is displayed for manual installation, and the user must double-click or select 'Enter' on the resulting screen for the malware to execute.

The report from Gen clarifies that the malware cannot infect a device merely because the user has viewed the instructions and downloaded the file. It requires user interaction for effective deployment. To avoid becoming a victim, users should avoid downloading content from unknown sources.

The authors of the report warn that the resurgence of threats like Legion Loader highlights the increasing sophistication of cyberattacks. Current tactics include the use of artificial intelligence to tailor attacks based on victim behavior, create realistic phishing content, and evade antivirus detection.

However, the overall volume of cyberattacks has not significantly increased; instead, there has been a shift towards more innovative and persistent tactics. The report concludes by emphasizing the importance of raising awareness, implementing proactive measures, and prioritizing strong cybersecurity practices for the development of a smarter, safer, and more resilient digital future.

In summary, Gen's Q1 2025 threat report notes that the resurgence of Legion Loader, a remote access Trojan, has drastically increased global risk indices, particularly in countries like Germany, Belgium, Spain, Italy, New Zealand, the Netherlands, Poland, the United Kingdom, and Switzerland. The malware capitalizes on scams that masquerade as updates for devices and uses third-party websites to carry out its operations. To mitigate these risks, users are advised to refrain from downloading content from unknown sources and to adopt proactive measures in data and cloud computing and in cybersecurity, which are essential components of a smarter, safer, and more resilient digital world.
