Beware of This Information-Stealing Malware on Windows

If you’re a gamer, beware of new malware that pretends to be an ASUS utility. CoffeeLoader poses as Armoury Crate, the ASUS application that manages ASUS and ROG software and peripherals, and infects your Windows computer with an information stealer that is very hard to detect.

How the CoffeeLoader malware works

According to Zscaler’s analysis, once the CoffeeLoader malware is on your system it delivers the Rhadamanthys infostealer, which can extract credentials from applications such as web browsers, email clients, crypto wallets, and even the KeePass password manager.

CoffeeLoader then manages to bypass most security tools on your device, including antivirus software and malware detectors, making it especially dangerous and difficult to detect. This is achieved in part by running on the graphics card (GPU), which security tools are unlikely to scan, rather than on your computer’s processor.

It also uses techniques such as call stack spoofing, which alters the chain of function calls to make them appear harmless, and sleep obfuscation, by which it encrypts and locks itself in your computer’s memory so that it cannot be read by security scanners. CoffeeLoader will also use paths such as Windows Fibers, which are less likely to be monitored by security software.

How to protect your computer from CoffeeLoader malware

Malware such as CoffeeLoader spreads successfully in part because it often appears to be trustworthy. Hackers can impersonate a brand like ASUS, tricking you into thinking you’re downloading real software, whether from an ad, an online forum, a fake website found in search results, or a phishing attack through an email or messaging app.


To prevent malware infection, use caution when downloading utilities or any type of software onto your computer. Always go directly to the official website rather than looking at search results or a forum link to make sure you’re getting the real thing. You should also follow basic cybersecurity best practices, such as avoiding clicking on links or opening attachments in messages that could be malicious.
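One concrete way to apply that advice on Windows, as an added example that is not from the article: before running a downloaded installer, confirm it carries a valid Authenticode signature from the publisher you expect, since a file that impersonates a vendor utility typically is unsigned or signed by someone else. The file path and the publisher substring are assumptions; check the publisher string against a copy obtained from the vendor’s official site.

```powershell
# Added example (not from the article): verify that a downloaded installer
# carries a valid Authenticode signature from the expected publisher before
# running it. The path and the publisher substring are assumptions; confirm
# the publisher string against a known-good copy from the official site.
function Test-TrustedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'file not found' }
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Status is 'Valid' only when the file hash matches the signature and the
    # certificate chain builds to a trusted root. 'NotSigned', 'HashMismatch'
    # and 'UnknownError' all mean the file should not be run.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "signature status: $($sig.Status)" }
    }

    # A valid signature only proves who signed the file, not that it is the
    # vendor's software, so also require the expected publisher in the subject.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedPublisher*") {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "signed by unexpected publisher: $subject" }
    }

    # Record the SHA-256 as well so the file can be compared with the vendor's
    # published hash if one is available.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return [pscustomobject]@{ Path = $Path; Trusted = $true; Reason = "signed by $subject"; SHA256 = $hash }
}

# Usage (placeholder path and publisher substring):
Test-TrustedInstaller -Path "$env:USERPROFILE\Downloads\ArmouryCrateInstaller.exe" -ExpectedPublisher 'ASUSTeK'
```

A result with `Trusted = $false` means the file should be deleted rather than run, whatever the download page claimed.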

If you think your device is infected, there are several steps you can take to remove malware from your computer. First, disconnect your computer from the Internet and restart it in Safe Mode. Find and delete temporary files (Settings > System > Storage > Local Disk > Temporary Files) and check the Task Manager for any suspicious activity or processes running on your device. In general, you can use a malware scanner to identify and remove infections.
