Latrodectus
Name of Malware: Latrodectus (Lotus)

Type of Malware: Dropper, Backdoor, Stealer
Affected Operating Systems: Windows
Affected Device Types: PCs, laptops
Impact: high
What is Latrodectus?
Latrodectus (also known as Lotus) is a modular Windows malware that was first discovered in October 2023 and is considered the successor to IcedID. It primarily acts as a downloader for other malware, as a backdoor and as a stealer, and it is distributed via phishing campaigns. The malware allows attackers to download additional malicious modules, execute commands and collect sensitive data.
How did I get infected with Latrodectus?
Infection typically occurs through phishing emails with manipulated PDF or HTML attachments disguised as legitimate documents. When the attachment is opened, obfuscated JavaScript is executed, which loads and runs either an MSI installation package or, directly, a DLL file containing Latrodectus.
What do I have to do now?
To remove Latrodectus, it is recommended to scan the infected system with an antivirus program. As the infection may be accompanied by other malware, it may be necessary to reinstall the operating system. Furthermore, all login passwords should be changed.
Further information on removing this malware can be found under Removing infections from PCs, laptops etc.
Technical specifications
Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.