The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets
Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.
The messages use attachments with .iso extensions, a type of file that worked as a container for delivering malware.
“Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot.” reads the analysis published by Kaspersky.
“The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot dispatches all its loot to the malware owners.”
The messages masquerade as notifications from other companies, or as orders and offers.
Threat actors are sending out copies of Loki Bot to company email addresses that were available on public sources or from the companies’ own websites.
Experts observed different spam messages including fake notifications from well-known companies, fake notifications containing financial documents, and fake orders or offers.
Researchers highlighted the importance for organizations of adopting security measures that include both technical protections and training for employees.
“Every year we observe an increase in spam attacks on the corporate sector.” Kaspersky concludes.
“The perpetrators have used phishing and malicious spam, including forged business emails, in their pursuit of confidential corporate information: intellectual property, authentication data, databases, bank accounts, etc.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.