Technical analysis of a cyber-threat campaign using the dangerous and widespread “Lokibot” malware has revealed an updated method being used to conduct sophisticated attacks. The method includes three stages and three levels of encryption in the final payload, beginning with a phishing email containing a malicious Microsoft Excel attachment. The Excel attachment is obscured and requires the targeted victim to enable macros to view the contents, enabling the second stage of the attack. The final payload, Lokibot, is decrypted three times before being deployed on the targeted machine. Lokibot’s continued development since it was first detected, in 2016, has made it a popular choice for many malicious actors to harvest account credentials and sustain their operations.

×
Want these
Threat Intelligence reports sent straight to your inbox?
Subscribe below!
Thank you!
Error - something went wrong!
Most Recent Flipbooks
Weekly Intelligence Summary 21 October
Main story: Ransom Cartel and REvil: Partners in cybercrime?
Weekly Intelligence Summary 14 Oct
Main story: Hacktivists fan flames of Iranian anti-regime protests
Weekly Intelligence Summary 07 Oct
Main story: ProxyNotShell spells déjà vu for MS Exchange Server defenders
Weekly Intelligence Summary 30 Sept
Main story: Rogue ex-developer leaks LockBit 3.0 builder
Weekly Intelligence Summary 23 Sept
Main story: Uber compromised by Lapsus$'s resurgence
Weekly Intelligence Summary 16 Sept
Main story: Cyber attacks shock the Italian energy sector
Weekly Intelligence Summary 09 Sept
Main story: Back to school for students and ransomware groups
Weekly Intelligence Summary 02 Sept
Main story: LastPass suffers source code data breach