Beware of LOBSHOT Malware: How You Can Protect Your Small Business

Tuesday, May 2, 2023

In the digital jungle of the 21st century, small businesses are faced with a cunning predator lurking in the shadows – LOBSHOT Malware. This vicious cyber threat is ready to pounce at the slightest vulnerability, putting your valuable data and hard-earned reputation at risk. But fear not, for this blog post is your survival guide!  Read on as we reveal the secrets of LOBSHOT Malware, and arm your small business with the knowledge and tools needed to outsmart this menacing foe. Together, we'll ensure your business remains a thriving force in the online world!

Understanding LOBSHOT Malware

On April 23, 2023, cybersecurity experts reported a new malware called LOBSHOT that targets Windows devices and gives hackers hidden VNC access. VNC stands for Virtual Network Computing, and it is a technology that allows you to remotely access and control a computer's desktop from another device. 

In simpler terms, VNC access lets you see and interact with a computer's screen, as if you were sitting right in front of it, even though you might be miles away. This remote access can be helpful for tasks like providing technical support, working from home, or managing servers. However, in the context of malware like LOBSHOT, unauthorized VNC access can be dangerous, as it allows cybercriminals to take control of a victim's computer without their knowledge.

How LOBSHOT Malware Is Distributed

LOBSHOT malware is being distributed through Google Ads, which promote the legitimate AnyDesk remote management software. However, these ads redirect users to a fake AnyDesk site that pushes a malicious MSI file. An MSI file is short for Microsoft Installer file, which is a type of file used to install software on Windows computers. It contains all the necessary information and instructions for the installation process, such as where to place files, how to create shortcuts, and how to update the Windows registry. When you double-click an MSI file, it launches the installation process, guiding you through the steps to set up the software on your computer. However, it's essential to be cautious with MSI files, especially if they come from unknown sources, as malicious software can be disguised as a legitimate installer in the form of an MSI file, leading to malware infections. 

Once installed, LOBSHOT checks for cryptocurrency wallet extensions and executes a file in C:\ProgramData. The malware also includes an hVNC module. An hVNC module, or hidden Virtual Network Computing module, is a tool that enables remote access and control over a computer's hidden desktop. 

Unlike regular VNC access, which allows users to remotely access and control a visible desktop, hVNC operates covertly, without the computer's user noticing any changes on their screen. This hidden access creates a separate desktop environment that runs in the background, making it particularly appealing to cybercriminals who want to manipulate a victim's computer without being detected. 

In the context of malware, an hVNC module can be very dangerous, as it allows attackers to carry out malicious activities on the infected computer without raising suspicion. This access could lead to ransomware attacks, data extortion, and other cybercrimes.

Tips for Protecting Your Small Business

  • Educate your employees

    Make sure your team is aware of LOBSHOT malware and the dangers it poses. Train them to identify suspicious ads and avoid clicking on them. Additionally, teach them how to recognize phishing emails and other social engineering tactics that could lead to malware infection.

  • Keep software up-to-date

    Regularly update your operating systems, browsers, and other software to ensure that you have the latest security patches. This will help protect your devices from known vulnerabilities that cybercriminals exploit.

  • Implement strong security policies

    Establish and enforce strict security policies in your business, such as restricting the installation of software from unknown sources, enforcing the use of strong passwords, and implementing multi-factor authentication (MFA).

  • Use a reputable antivirus solution

    Invest in a reliable antivirus solution that will detect and remove malware, including LOBSHOT. Keep your antivirus software up-to-date to ensure it can detect the latest threats.

  • Regularly back up your data

    In case of a ransomware attack or data loss, having up-to-date backups of your critical business data is essential. Store your backups in a secure offsite location or use a cloud-based backup service.

  • Monitor your network

    Regularly monitor your network for unusual activity or signs of intrusion, and promptly investigate any potential security incidents. This proactive approach can help you detect and respond to threats more quickly.

  • Seek professional help

    If you suspect that your network has been compromised, contact a cybersecurity professional or IT consultant. They can help you assess the situation, mitigate risks, and implement a plan to prevent future attacks.

The rise of LOBSHOT malware is a reminder that you must remain vigilant in the face of ever-evolving cyber threats. In the spectrum of the digital security paradigm, small businesses are often the most vulnerable, primarily due to the scarcity of resources, making them easy targets for adversaries like LOBSHOT. This is where Lockwell comes to your aid, armed with a multi-layered and robust defense approach.

Designed to serve businesses like yours, Lockwell pours the strength of enterprise-level cybersecurity into a user-friendly, AI-driven platform that actively safeguards against threats like LOBSHOT and many others. We protect your business data at its source, ensuring stored, transmitted, and accessed data is secured from cyber attackers' prying eyes.

Remember, a proactive approach to cybersecurity is the best way to safeguard your small business in today's digital landscape. Lockwell is more than just a cybersecurity platform—it's a relentless, digital guardian of your small business.