League of Legends players targeted by the WIN32:EVO trojan

Cybercriminals and hackers will try various techniques to gain information from their victims. The most used technique is the remote access trojan which allows the cybercriminal to gain full control of the infected device.

League of Legends player infected with Trojan
League of Legends player infected with Trojan

In the League of Legends Facebook group, a user posted a picture which can be seen above. The picture clearly shows an warning for the Win32:Evo-Gen trojan. The antivirus package directly send the malicious lolpatcher.exe file to the sandbox environment of the AVAST antivirus.

We did some research on the Win32:EVO-Gen trojan, and this is what we found: The Win32:EVO-gen trojan is often installed via malicious codes which have been activated by unaware computer users. The source of this trojan will vary, but it is often send via e-mail and social media networks. In this case it could be possible that the user tried to use a hack/cheat for the League of Legends game.

It often occurs that gamers will search for cheats and trainers – and end up getting infected with an remote access trojan which has been deployed to steal personal information. In this case it would be possible that the hacker is after the League of Legends accounts.

The Win32:EVO-Gen trojan will copy itself to the system, once it has copied itself it will register itself within the register. The Win32:EVO-Gen trojan will then continue to deploy itself at the startup, making it hard to delete for non-it people.

The trojan allows the hacker to perform various tasks on the infected device. In the list below, you will see some tasks which could be performed via the remote access trojan, but do note that it is not limited to the list below:

  • Update the C&C with the infected device IP
  • Send stolen information
  • Download and execute other types of malware
  • Start the webcam