EPIC Games Launcher Download And Installation Faked By LokiBot Trojan Malware Campaign

Gamers intending to download EPIC Games Launcher, the platform used to access highly popular online multiplayer video game Fortnite, are being fooled by a new malware campaign. Considering the high number of active players and many more interested in the games offered by EPIC Games, the new virus-laden downloader may have been unsuspectingly accessed, downloaded and installed by many.

A new LokiBot campaign is attempting to infect users by impersonating the launcher for EPIC Games. The campaign has cleverly created a duplicate launcher setup that resembles the original EPIC Games launcher download site and application. The fake downloader is being carefully offered to unsuspecting users through cleverly crafted phishing or mass mailing campaigns. Moreover, the LokiBot-laden fake launcher includes several tricks to avoid detection and deletion by popular antivirus programs.

LokiBot Trojan Malware Attempts To Ride On EPIC Games And Fortnite Popularity:

Cybercriminals are distributing a powerful form of trojan malware by spoofing a launcher for one of the world’s most popular video games. The new LokiBot campaign is attempting to infect users by disguising itself as the launcher for EPIC Games, the main developer, and distributor of the highly popular online multiplayer video game Fortnite.

Cybersecurity researchers at Trend Micro first uncovered the new LokiBot Trojan Malware campaign. They claim the unusual installation routine has been helping the virus avoid detection by antivirus software. Researchers claim the developers of the fake EPIC Games launcher or downloader are distributing the same through spam phishing emails. These emails are being sent in bulk to potential targets.

The Fake EPIC Games Downloader uses the original company logo to appear legitimate. Incidentally, the LokiBot Trojan Malware creators have regularly used phishing email campaigns to deploy their viruses. While several email platforms are able to detect and mark such mass emails as spam, a few carefully crafted emails may slip through.

How Does The New Fake EPIC Games Launcher LokiBot Trojan Malware Infect Computers?

After an unsuspecting user downloads the fake EPIC Games launcher infected with LokiBot Trojan Malware, the virus drops two separate files — a C# source code file and a .NET executable — into the app data directory of the machine. The C# source code is heavily obfuscated. It contains a large amount of meaningless or junk code that appears to be a masking technique to prevent antivirus software from capturing the virus.

After successfully bypassing any security measures on the machine, the .NET file reads and compiles the C# code. In other words, the campaign codes the package and decrypts the same before executing the LokiBot on the infected machine.

The LokiBot Trojan Malware first emerged in 2015. It is meant to create a backdoor into infected Windows systems. The malware is designed to steal sensitive information from victims. The malware attempts to steal usernames, passwords, bank details, and the contents of cryptocurrency wallets.

The most common tool inside the malware is a keylogger that monitors browser and desktop activity. The new variant of the LokiBot trojan malware essentially installs a backdoor required to steal information, monitor activity, install other malware. However, it can also be used to deploy additional malware or viruses.

Users or gamers are cautioned that they only download software and attachments from trusted sources. EPIC Games and developers of legitimate software can work with security organizations to deploy security solutions that secure networks and detect potential threats.

Alap Naik Desai


A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, searching and deploying solutions to strange and weird issues is Alap's main interest.