Loki Bot: On a hunt for corporate passwords

Discussion in '0-day Release' started by RGiskardR, Aug 31, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member


    Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot dispatches all its loot to the malware owners.

    ISO images are copies of optical discs that can be mounted in a virtual CD/DVD drive to be used in the same way as the originals. Whereas in days of yore users needed dedicated software to open this type of image, today’s operating systems support the format out of the box, and if you want to access the contents of the file, all you need to do is double-click. Malicious spam uses this type of file as a container for delivering malware, albeit rarely.

    As mentioned above, hackers were sending out copies of Loki Bot to company email addresses that could be obtained from public sources or from the companies’ own websites.

    Full reading: https://securelist.com/loki-bot-stealing-corporate-passwords/87595/
     
    silversurfer likes this.
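A mail-gateway style check for the delivery method described in the post, as an added example that is not part of the original post or the linked article: it flags attachments that are ISO images either by the .iso extension or by the ISO 9660 signature, so a renamed image is still caught. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# ISO 9660: volume descriptors start at sector 16 (2048-byte sectors);
# byte 0 is the descriptor type, bytes 1-5 are the identifier "CD001".
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSET = 16 * 2048 + 1

def is_iso9660(data: bytes) -> bool:
    """True if the buffer carries the ISO 9660 identifier at the standard offset."""
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC

def find_iso_attachments(raw_message: bytes):
    """Return (filename, matched_by_extension, matched_by_signature) per flagged attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""  # None for nested multiparts
        by_ext = name.lower().endswith(".iso")
        by_sig = is_iso9660(payload)
        if by_ext or by_sig:
            hits.append((name, by_ext, by_sig))
    return hits

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message with one attachment (not real spam)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "accounts@example.org"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed minimal buffer: 16 empty sectors, then a descriptor header.
FAKE_ISO = b"\x00" * (16 * 2048) + b"\x01CD001\x01" + b"\x00" * 2041

if __name__ == "__main__":
    for fname, body in [("invoice.iso", FAKE_ISO),
                        ("invoice.pdf", FAKE_ISO),   # renamed image
                        ("notes.txt", b"plain text")]:
        print(fname, find_iso_attachments(build_sample(fname, body)))
```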