
Watch Out for This Info-Stealing Malware on Windows

If you’re a gamer, beware a new malware that’s pretending to be an ASUS utility. CoffeeLoader impersonates Armoury Crate, the ASUS utility that manages ROG software and peripherals, and infects your Windows machine with an infostealer that is built to slip past antivirus and endpoint security tools.

How CoffeeLoader malware works

According to an analysis by Zscaler, once on your system CoffeeLoader delivers the Rhadamanthys infostealer, which extracts credentials from web browsers, email clients, crypto wallets, and even the KeePass password manager.

CoffeeLoader also evades many of the security tools on your device, including antivirus software and endpoint detection products, which makes it especially dangerous and difficult to catch. Part of that evasion is a packer that uses the graphics card (GPU): rather than decrypting its payload entirely on the CPU, where a scanner or sandbox expects to see it, the loader runs part of the unpacking as GPU code through OpenCL. Sandboxes and analysis environments frequently have no working GPU, so in those environments the payload never unpacks where it could be inspected.

It also uses call stack spoofing, which forges the chain of return addresses on the call stack so that a security product inspecting a suspicious API call sees what looks like an ordinary sequence of calls from legitimate Windows code. With sleep obfuscation, the loader encrypts its own code and data in memory while it is idle, so a memory scanner that examines the process during that window finds only ciphertext. CoffeeLoader additionally uses Windows fibers, a user-mode scheduling mechanism that security tools monitor less closely than ordinary threads, to switch between its execution states.

How to protect your machine from CoffeeLoader malware

Malware like CoffeeLoader spreads in part because it looks like something trustworthy. Attackers impersonate a brand like ASUS so that you believe you are downloading real software, whether you reach it from an ad, an online forum, a fake website ranked in search results, or a phishing message by email or messenger app.

To prevent a malware infection, use caution when downloading utilities or any other software to your machine. Type the vendor’s address yourself and download from the official site, rather than clicking through search results or a forum link, to ensure you’re getting the real thing. Before you run an installer, check its digital signature: a genuine vendor package is signed by that vendor, and a download that is unsigned or signed by an unrelated party is a reason to stop. You should also follow basic cybersecurity best practices, like not clicking links or opening attachments in messages you did not expect.
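The signature check described above, as an added PowerShell example that is not part of the original article. The download path and the expected publisher string are assumptions you replace with your own values; the script checks that the Authenticode signature is valid, that the signer is the publisher you expect (a valid signature from an unrelated company is still a red flag), records the SHA-256 hash, and reads the Mark-of-the-Web stream so you can confirm which host the file actually came from.

```powershell
# Added example: vet an installer before running it. Not code from the original article or from ASUS.
# Assumptions: the file path and the publisher substring below are placeholders; set them yourself.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\ArmouryCrateInstaller.exe",   # assumed download path
    [string]$ExpectedSubject = 'O=ASUSTeK COMPUTER INC.'                      # assumed publisher; confirm against a known-good copy
)

function Test-TrustedInstaller {
    param([string]$Path, [string]$ExpectedSubject)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'file not found' }
    }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $reason = $null

    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted, UnknownError: none of these should be run blindly.
        $reason = "signature status is $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSubject*") {
        # A valid signature proves only that *someone* signed it; the signer must be the vendor you expect.
        $reason = "signed by '$($sig.SignerCertificate.Subject)', not the expected publisher"
    }

    # Mark-of-the-Web: Windows records the download origin in the Zone.Identifier stream.
    $zone   = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $origin = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    [pscustomobject]@{
        Path    = $Path
        Trusted = ($null -eq $reason)
        Signer  = $sig.SignerCertificate.Subject
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Origin  = $origin
        Reason  = $reason
    }
}

$result = Test-TrustedInstaller -Path $Path -ExpectedSubject $ExpectedSubject
$result | Format-List
if (-not $result.Trusted) { Write-Warning "Do not run $Path : $($result.Reason)" }
```

Compare the Origin field with the vendor domain you typed in; a file whose HostUrl points at a file-sharing service or an unfamiliar domain did not come from the official site, whatever the page that served it looked like.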

If you believe your device is infected, there are a few steps you can take to remove malware from your machine. Start by disconnecting your PC from the internet and rebooting in safe mode. Search for and delete temporary files (Settings > System > Storage > Local Disk > Temporary files) and check Task Manager for suspicious activity or processes running on your device, then run a malware scanner to identify and remove infections. Bear in mind that the techniques described above exist to defeat exactly this kind of inspection, so a scanner that reports nothing is not proof that the machine is clean; if the device held anything valuable, a clean reinstall of Windows is the reliable fix. Because Rhadamanthys steals credentials, treat every password stored in browsers, email clients, crypto wallets, and KeePass on that machine as compromised: change them from a known-clean device and enable multi-factor authentication wherever it is offered.
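A more systematic version of the Task Manager check, as an added PowerShell example that is not part of the original article. Instead of eyeballing process names, it lists every running process whose image is unsigned or has an invalid signature, or that runs from a user-writable folder such as AppData, Temp or Downloads, together with that process’s established TCP connections. The folder list is an assumption you can extend; run it in an elevated session so that all processes and connections are visible.

```powershell
# Added example: triage running processes. Not code from the original article.
# Assumption: the folders below are the user-writable locations worth flagging on this machine.
function Get-SuspiciousProcess {
    $userWritable = @("$env:LOCALAPPDATA", "$env:APPDATA", "$env:TEMP", "$env:USERPROFILE\Downloads")

    # Established TCP connections, indexed by owning PID (string keys).
    $connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Group-Object -Property OwningProcess -AsHashTable -AsString

    Get-CimInstance Win32_Process | Where-Object { $_.ExecutablePath } | ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue

        $fromUserDir = $false
        foreach ($dir in $userWritable) {
            if ($dir -and $path -like "$dir\*") { $fromUserDir = $true }
        }

        $remote = @()
        $key = "$($_.ProcessId)"
        if ($connections -and $connections.ContainsKey($key)) {
            $remote = $connections[$key] | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }
        }

        [pscustomobject]@{
            Pid       = $_.ProcessId
            Name      = $_.Name
            Path      = $path
            SigStatus = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            UserDir   = $fromUserDir
            Remote    = ($remote -join ', ')
        }
    } | Where-Object { $_.SigStatus -ne 'Valid' -or $_.UserDir -or $_.Remote }
}

Get-SuspiciousProcess | Sort-Object SigStatus, UserDir -Descending | Format-Table -AutoSize
```

An unsigned binary in AppData holding a connection to an address you do not recognise is the pattern to look for. A clean result is weaker evidence: the loader’s call stack spoofing and sleep obfuscation are aimed at tools that inspect a live process, and a signed, legitimate host process can still be running injected code, so this listing narrows the search rather than closing it.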


Who is mahdizk? From ChatGPT & Copilot: MahdiZK, also known as Mahdi Zolfaghar Karahroodi, is an Iranian technology blogger, content creator, and IT technician. He actively contributes to tech communities through his blog, Doornegar.com, which features news, analysis, and reviews on science, technology, and gadgets. Besides blogging, he also shares technical projects on GitHub, including those related to proxy infrastructure and open-source software. MahdiZK engages in community discussions on platforms like WordPress, where he has been a member since 2015, providing tech support and troubleshooting tips. His content is tailored for those interested in tech developments and practical IT advice, making him well-known in Iranian tech circles for his insightful and accessible writing. / Come on, I swear to God, that really is me. / I know full well that if I am not zaki, my account is with the Kiram al-Katibin. / I am the last person to cross the broken bridge of victory; I am here to hold your hand when you slip.
