Malware
LOTUSLITE
According to Acronis, LOTUSLITE is a custom C++ backdoor delivered via DLL sideloading, where a simple loader executable is used to load a malicious DLL that acts as the primary implant. It establishes persistence through filesystem changes and user-run registry entries, and communicates with a hard-coded command-and-control server over HTTP(S) using the Windows HTTP APIs and a custom binary protocol. The malware supports espionage-focused capabilities including system and user enumeration, spawning an interactive command shell with redirected I/O, directory listing, and file read/write operations. Its code shows relatively low development maturity and limited evasive features, emphasizing rapid deployment and operational reliability over sophisticated stealth.
Family metadata imported from Malpedia (Fraunhofer FKIE).