Technical analysis of a cyber-threat campaign using the dangerous and widespread “Lokibot” malware has revealed an updated method being used to conduct sophisticated attacks. The method includes three stages and three levels of encryption in the final payload, beginning with a phishing email containing a malicious Microsoft Excel attachment. The Excel attachment is obscured and requires the targeted victim to enable macros to view the contents, enabling the second stage of the attack. The final payload, Lokibot, is decrypted three times before being deployed on the targeted machine. Lokibot’s continued development since it was first detected, in 2016, has made it a popular choice for many malicious actors to harvest account credentials and sustain their operations.
A new web portal is aiding cyber-threat incident responders by detailing vulnerabilities in popular malware.
Most Recent Flipbooks
Main story: Uber compromised by Lapsus$'s resurgence
Main story: Cyber attacks shock the Italian energy sector
Main story: Back to school for students and ransomware groups
Main story: LastPass suffers source code data breach
Main story: LockBit under DDoS attack: Entrust strikes back?
Main Story: Cisco defies extortion attempts after network breach
Main story: Cybercriminals scramble for new hiding places after 911 proxy service folds
Main story: Free-to-use Redeemer opens doors for ransomware enthusiasts
Main story: LockBit launches new version, welcomes bug hunters
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage