Do you know what Lampion is?
Lampion is a Trojan infection that targets users in Portugal. It is very likely that this infection affects not only individual users but also organizations and various companies. To avoid this infection, it is necessary to raise awareness about phishing campaigns that have clear methods or targets. Although it might not be that hard to remove Lampion from the infected system, it might take a while to notice that the system has been infected. Hence, it is important to share information about phishing campaigns that deliver this and other dangerous infections.
Trojans might come as stand-alone infections, or they might bring along something else. That’s why there are backdoor Trojans, malware droppers, Trojan downloaders, and so on. When a Trojan downloads additional infection, it might be easier to determine that your system has been compromised, especially if that additional infection as a user’s interface. For instance, if it is a ransomware infection, you will know that you have been infected for sure.
Now, when it comes to Lampion, things get trickier. This program doesn’t have a user’s interface, and it can remain hidden in your system for a long time before you notice that something is off. According to security researchers, this infection is based on the ChePro banker Trojan family, but the main code has been modified. With these modifications in place, it is harder to detect and analyze this infection. Therefore, if you use a security application, you have to make sure that it has the latest malware definitions, and that it is constantly updated.
Of course, it would be for the best if we could avoid Lampion instead of battling it on our systems. When it comes to the Trojan distribution, it employs probably the most common distribution method: phishing campaigns. As mentioned, the infection targets systems in Portugal, and so, the spam email that distributes this Trojan is entirely in Portuguese. It also uses the template that is employed by the Portuguese Government Finance & Tax. Therefore, at first glance, it might look like a regular email about taxes and other financial issues. What’s more, since the email usually comes with an urgent message, users might overlook checking the credibility of that email, and they might automatically download the attached file.
Please note that downloading the attached ZIP file and extracting it doesn’t automatically infect your system with the Trojan. You need to launch the file that carries the malicious code. Out of the three files in the ZIP folder, the VBS format file launches the infection. Again, to avoid this infection, you might as well scan all the downloaded files with a security tool. It’s not just about Lampion; it’s one of the better ways to prevent ransomware from entering your system, too.
However, if users run all the downloaded files, and Lampion gets installed on the target system, the infection will be executed in several stages. The program doesn’t do anything to the system right from the very start. It first needs to connect to its control and command center, so that it could receive information on further tasks.
Judging from the information collected by security researchers, Lampion functions like your general Trojan infection that can be used as an espionage tool. In other words, this program can run in the background of your system, collecting keystrokes and logging sensitive information before sending it out to its owners. Also, depending on the victim, the scope of the Trojan’s functions may differ. Again, this just shows how important it is to prevent such infections from entering your system.
You can use the manual removal guidelines below this description to get to rid of Lampion, but it might not be enough to terminate all the malware-related files. For that, you should invest in a powerful security application that will locate all the malicious files and remove them automatically. Let’s not forget about other potential threats that might be hiding on your system. So, the sooner you terminate all the malicious threats, the better.
Finally, do not hesitate to learn more about malware and how to protect your system from it. Using security programs is good, but a lot depends on your online behavior, too.
How to Remove Lampion
- Press Win+R and enter %APPDATA%. Press OK.
- Remove the dhapdezbulu.vbs file and the 56985310494899 folder.
- Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
- Remove the dhapdezbulu.lnk file.
- Use SpyHunter to run a full system scan.
In non-techie terms:
Lampion might not be the most dangerous computer infection out there, but there’s no fun in dealing with a Trojan. This program can slither into the target system behind user’s back and collect sensitive information, so it could share it with its owners later on. Users need to be aware of multiple threats like Lampion floating around, so that they could remove it immediately. Do yourself a favor and invest in a security tool right now to safeguard your system against the likes of Lampion.