
CISA Released A New Advisory on LokiBot Trojan


LokiBot, a trojan-type malware first identified in 2015, is popular among cybercriminals as a means of creating a backdoor into compromised Windows systems, allowing the attacker to install additional payloads.

It is an information stealer that uses a stealthy trick to evade detection by security software and steal victims' personal data, including usernames, passwords, bank details, and the contents of cryptocurrency wallets, using a keylogger that monitors browser and desktop activities.

Recently, the U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) observed a significant increase in LokiBot infections starting from July 2020. During this period, CISA's EINSTEIN Detection System, responsible for protecting federal civilian executive branch networks, noticed continuous malicious activity by LokiBot. Credited for being simple yet effective, the malware is often sent out as an infected attachment via email, malicious websites, texts, or personal messages to target Windows and Android operating systems.

Although LokiBot has been in cyberspace for a while now, attackers still often use it to illicitly access sensitive information. In a recent attack that was carried out in July, 14 different campaigns distributing LokiBot payloads were launched by a group of threat actors popularly known as 'RATicate'. In another malspam campaign, attackers were found to be distributing a LokiBot payload in a spear-phishing attack on a U.S.-based manufacturing organization.

“LokiBot has stolen credentials from multiple applications and data sources, including Windows operating system credentials, email clients, File Transfer Protocol, and Secure File Transfer Protocol clients,” as per the alert issued on Tuesday.

Giving insights on the matter, Saryu Nayyar, CEO at Gurucul, said via email, "The fact that LokiBot has been around for over four years and has gained in capability over time is a reflection of how much malicious actors have advanced the state of their art, leveraging the same development models we use in the commercial space."

Trojan attempts to trick victims into transferring funds

A new banking trojan attempts to lure the victim into transferring funds to the cyber-criminals' accounts. Once the malware infects a system, it waits until the victim logs into his bank account.

Then it shows a fake message stating that a credit has been made to his account by mistake and gives a warning that the account will be frozen until the errant payment is transferred back.

To make the ploy more plausible, the malware modifies the amount displayed in his browser when he tries to view his account balance, so unwitting users believe the message is true.

"The malware presents an already filled-in online transfer form — with the account and routing numbers for a bank account the attacker controls," security blogger Brian Krebs said.

The German Federal Crime Police warned consumers about the scam. It is unclear how many have fallen victim to it.