Cyber Security News

SolidBit Ransomware Targets Gamers and Social Media Users with New Variant

Experts from Trend Micro analyzed a pattern of a new SolidBit Ransomware variant that aims at gamers and social media platforms. According to the reports, this malware was uploaded to GitHub, where it is masquerading as different applications like a League of Legends accounts checker tool and an Instagram follower bot, to lure in victims. 

SolidBit Ransomware Masquerading As Different Applications

This new version of ‘SolidBit ransomware’ is a.NET compiled binary. It is believed of being like a ‘LockBit ransomware’, as both share similarities in their chat support sites’ formatting and the file names of their ransom note.

SolidBit ransomware variant masquerading as a League of Legends account checker tool on GitHub

The researchers explain saying the League of Legends account checker on GitHub is packed with a file and instructions on how to use the tool but no GUI (Graphical User Interface).

“When an unsuspecting victim runs the application, it automatically executes malicious PowerShell codes that drop the ransomware. Another file that comes with the ransomware is named “Source code,” but this seems to be different from the compiled binary”, Trend Micro researchers.

Details about the fraudulent League of Legends account checker

Additionally experts noticed an executable file named Rust LoL Accounts Checker.exe protected by Safengine Shielden, which obfuscates samples and applications to make reverse engineering and analysis harder. On the execution of the file, an error window appears that debugging tools have been spotted.

Upon clicking this executable file, it will drop and execute Lol Checker x64.exe, which runs the malicious PowerShell codes that drop and execute the ‘SolidBit Ransomware’. Further, this file disables the Windows Defender’s scheduled scans by using PowerShell command. Finally, the file will drop and execute the file Runtime64.exe, called ‘SolidBit ransomware’.

Pop-up window that SolidBit ransomware shows on the victim’s screen

Analysis says the SolidBit Ransomware targets social media users and is utilized for ransomware-as-a-service (RaaS) activities. Therefore to mitigate the risk, organizations can implement ‘Trend Micro Vision One, which has multilayered protection and behavior detection capabilities. ‘Trend Micro Apex One’ also provides next-level automated threat detection and response to protect endpoints against advanced issues, like fileless threats and ransomware.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

7 mins ago

Defend Ransomware Attacks With Top Effective Proactive Measures in 2024

We're currently living in an age where digital threats loom large. Among these, ransomware has…

1 hour ago

GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability

Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…

18 hours ago

Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks

Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…

18 hours ago

Vigil: Open-source Security Scanner for LLM Models Like ChatGPT

An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…

19 hours ago

Slovenia’s Biggest Power Provider has Suffered a Cyberattack

One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…

19 hours ago