Lebal is the name that anti-virus vendors gave to a fairly new piece of malware that allows cybercrooks to exfiltrate various types of information from the computers it infects successfully. So far, attacks involving Lebal have targeted mostly schools, government institutions and various businesses around the world. The infection usually occurs with the help of spear-phishing e-mails, which may trick the user into downloading an attached file or a file hosted on a third-party service. Surprisingly, the group behind Lebal appears to use Google Drive to host the corrupted executable file, which is then propagated with the help of fraudulent e-mail messages. If the targeted user ends up downloading and executing the compromised file, it sets off a series of harmful operations whose purpose is to give the attacker access to the data stored on the victim’s machine, as well as the ability to update the planted malware automatically.
Google Drive Is Used to Spread the Corrupted Lebal Executable
The bad executable file hosted on Google Drive has an icon identical to the one used by Adobe Acrobat. Basically, the authors of the Lebal malware have taken very basic steps to make the executable file seem like a harmless document and, unfortunately, many users appear to be falling for this trick.
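The disguise described above works because the icon a user sees is chosen by whoever built the executable, so appearance cannot be trusted. The following script is an added example (not code from the original article or from any vendor) of the check a mail gateway or endpoint tool would apply instead: it inspects the file's leading bytes and its name rather than its icon. The function names, the extension lists and the sample attachments are all constructed for this illustration.

```python
from __future__ import annotations

from pathlib import Path

# Documented format signatures at offset 0: Windows PE files (EXE, DLL, SCR)
# begin with "MZ"; PDF files begin with "%PDF". The icon a PE displays is a
# resource inside the file and is chosen by its author, so it is never checked.
PE_MAGIC = b"MZ"
PDF_MAGIC = b"%PDF"

# Assumed policy lists (hypothetical, adjust to local policy).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify_attachment(name: str, header: bytes) -> list[str]:
    """Return findings for one attachment from its filename and leading bytes.

    An empty list means these checks found nothing; it does not mean the
    file is safe.
    """
    findings: list[str] = []
    suffixes = [s.lower() for s in Path(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    is_pe = header.startswith(PE_MAGIC)

    # Any PE executable arriving as an attachment is worth a finding on its own.
    if is_pe:
        findings.append("pe-executable")

    # A PE whose name ends in a document extension (the "looks like a PDF" case).
    if is_pe and last in DOCUMENT_EXTENSIONS:
        findings.append("pe-with-document-extension")

    # "Report.pdf.exe": a document extension placed before the real one.
    if (len(suffixes) >= 2
            and suffixes[-2] in DOCUMENT_EXTENSIONS
            and last in EXECUTABLE_EXTENSIONS):
        findings.append("double-extension")

    # A .pdf name whose content does not carry the PDF signature.
    if last == ".pdf" and not header.startswith(PDF_MAGIC):
        findings.append("pdf-extension-without-pdf-magic")

    return findings


def scan_file(path: str) -> list[str]:
    """Classify a file on disk by reading only its first 8 bytes."""
    with open(path, "rb") as fh:
        header = fh.read(8)
    return classify_attachment(Path(path).name, header)


# Constructed sample attachments: filename -> first bytes of the content.
SAMPLE_ATTACHMENTS = {
    "Invoice_2024.pdf": b"MZ\x90\x00\x03\x00\x00\x00",  # PE named like a PDF
    "Report.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",    # double extension
    "Brochure.pdf": b"%PDF-1.7\n",                      # genuine PDF header
    "notes.txt": b"meeting notes\n",                    # plain text
}


def scan_samples() -> dict[str, list[str]]:
    """Run the classifier over the constructed samples."""
    return {name: classify_attachment(name, hdr)
            for name, hdr in SAMPLE_ATTACHMENTS.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        status = ", ".join(findings) if findings else "no findings"
        print(f"{name:20s} {status}")
```

Only the first 8 bytes are read, so the check is cheap enough to run on every attachment; a file that fails it should be quarantined for a full scan rather than delivered with a warning, since the user has already been primed by the phishing message to open it.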
When Lebal is planted successfully, it can begin to exfiltrate various data from the computer. Its primary targets are e-mail login credentials, but it also has the ability to collect usernames and passwords used by various FTP clients, instant messaging services and even cryptocurrency wallets. The malware can also attempt to exfiltrate all saved passwords from popular Web browsers, making it possible for the attackers to collect all of the login credentials of their unfortunate victims.
Identifying and Eliminating the Malware
One of the scariest things about Lebal is that it is virtually impossible for the average user to spot the presence of this threat. Lebal does not affect the computer’s performance, nor does it leave any traces behind. It simply works in the background and silently exfiltrates data for days, weeks or even months. The only surefire way to guarantee that you will never have to deal with the consequences of a Lebal attack is to use a reputable and up-to-date anti-malware application that is able to identify and terminate unsafe software immediately.