Saturday, July 11, 19:08

LokiBot trojan is spreading a new malware campaign on COVID-19

Security researchers at FortiGuard Labs have discovered a new campaign that exploits the COVID-19 coronavirus outbreak, sending emails purporting to come from the World Health Organization (WHO) in order to spread the LokiBot trojan. The campaign came to light on March 27, when researchers found emails allegedly sent by the WHO that claimed to announce ways of dealing with misinformation about the COVID-19 outbreak. These emails carry an attachment entitled "COVID_19- WORLD ORGANIZATION HEALTH", which delivers the LokiBot trojan.

FortiGuard Labs recently discovered a new COVID-19-themed email sent from 159.69.16[.]177 that uses the World Health Organization's trademark in an effort to convince recipients that it is authentic. The email is entitled "Coronary heart disease (COVID-19) Significant announcement[.]" and carries an attachment named "COVID_19- WORLD ORGANIZATION HEALTH", which appears to contain additional information but is in fact the lure through which the malware is delivered. The body of the email contains information about the pandemic along with suggestions and treatment tips. It is written in English, but the researchers believe the operators behind the campaign are not native English speakers, judging by the spelling, grammar and punctuation used. The message purports to come from a WHO Disease Control Center; the attackers appear to be conflating the WHO's name with the US Centers for Disease Control (CDC), even though the two organizations are separate. The attached "COVID_19- WORLD ORGANIZATION HEALTH" is a compressed file in ARJ format, a format most likely chosen to avoid detection. When the recipient opens the attachment and decompresses it, the extracted file is named "DOC.pdf.exe": a double extension that makes the executable look like a PDF document and entices the user to open it.
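As an added example that is not part of the article or of FortiGuard's research, the following Python script shows how a mail-filtering or triage tool could flag the two lure characteristics described above: an ARJ archive (a format many mail gateways do not unpack) and a document-name double extension such as DOC.pdf.exe. The message and the attachment bytes are constructed inline and are not the real lure; ARJ and PE detection relies only on the file signatures (0x60 0xEA and "MZ"), not on parsing the archive, and the sender address is a placeholder.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Final extensions that make a file run as a program on Windows.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "hta"}
# Extensions a recipient would expect to open as a harmless document.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf"}

# File signatures (magic bytes) checked against the attachment content.
# ARJ archives start with 0x60 0xEA; PE executables start with "MZ".
SIGNATURES = [
    (b"\x60\xea", "arj"),
    (b"MZ", "pe"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF", "pdf"),
]
# What content each declared extension should actually contain.
EXPECTED_KIND = {"arj": "arj", "exe": "pe", "zip": "zip", "pdf": "pdf"}


def detect_kind(data: bytes) -> str:
    """Return the content type implied by the file signature, or 'unknown'."""
    for sig, kind in SIGNATURES:
        if data.startswith(sig):
            return kind
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> list[str]:
    """Return the list of lure indicators found for one attachment."""
    findings = []
    exts = filename.lower().split(".")[1:]
    # DOC.pdf.exe style: a document extension in front of an executable extension.
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        findings.append("double_extension")
    kind = detect_kind(data)
    # ARJ is rarely unpacked by mail gateways, so the archive itself is suspicious.
    if kind == "arj":
        findings.append("arj_archive")
    if kind == "pe":
        findings.append("pe_executable")
    # Content that does not match the declared extension (e.g. MZ bytes in a .pdf).
    if exts and kind != "unknown" and EXPECTED_KIND.get(exts[-1], kind) != kind:
        findings.append("extension_mismatch")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and assess every attachment by file name."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_content()
        if isinstance(payload, str):  # text/* parts come back as str
            payload = payload.encode("utf-8", "replace")
        results[name] = assess_attachment(name, payload)
    return results


def build_sample_message() -> bytes:
    """Constructed sample message (not the real lure). Attachment bytes are
    only a file signature followed by padding, not functional files."""
    msg = EmailMessage()
    msg["From"] = "who-lookalike@example.invalid"  # placeholder sender
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "COVID-19 important announcement (constructed sample)"
    msg.set_content("Please find attached important information about the pandemic.")
    msg.add_attachment(b"\x60\xea" + b"\x00" * 30, maintype="application",
                       subtype="octet-stream",
                       filename="COVID_19- WORLD ORGANIZATION HEALTH.arj")
    msg.add_attachment(b"MZ" + b"\x00" * 30, maintype="application",
                       subtype="octet-stream", filename="DOC.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n" + b"\x00" * 30, maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(f"{name!r}: {findings or 'clean'}")
```

The checks are deliberately independent of each other: the double-extension rule fires on the file name alone, so it still works when the content is renamed or the archive cannot be opened, while the signature checks catch an executable hiding behind a document name even when only a single extension is present.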

Once the file is opened, the LokiBot infection begins. The malware then steals sensitive information, including FTP credentials, stored email passwords, passwords saved in browsers and other credentials. The URL reported for this campaign is hxxp://bslines[.]xyz/copy/five/fre.php.

LokiBot has been known since 2015. It is a malware that has been used in many malspam campaigns to steal credentials from browsers, email clients and administration tools, and it has also been used to target cryptocurrency holders. The original LokiBot malware was developed and sold via email by a hacker who appears on the internet under the pseudonym "lokistov" (also known as Carter). It was initially advertised on many hacking forums for up to $300; later, other hackers began offering it for under $80 in the cybercrime underworld.

Researchers at FortiGuard have found users around the world infected through this COVID-19-themed campaign, most of them in Turkey (29%), Portugal (19%), Germany (12%), Austria (10%) and the USA (10%). Infections linked to the campaign have also been identified in Belgium, Puerto Rico, Italy, Canada and Spain.
