New Loki Bot Campaign Attacks Corporate Mailboxes

Kaspersky Lab security researchers reported that they have found a new spam campaign which attacks corporate mailboxes by using the Loki Bot malware.

According to the experts, the developers of Loki Bot malware use various social engineering technique to make victims open malicious attachments which would deploy the Loki Bot stealer.

The spam messages contain attachments with .iso extensions, a type of file that works as a container for delivering malware.

“Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot.” the Kaspersky analysis states.

“The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot dispatches all its loot to the malware owners.”

Usually, the spam messages are disguised as notifications from other companies, or as orders and offers.

The malware operators are sending out copies of Loki Bot malware to companies’ email addresses which are available on public sources or at the companies’ own websites.

The security researchers have noticed different types of spam messages which include fake notifications from popular companies, fake financial documents, and fake offers or orders.

“Every year we observe an increase in spam attacks on the corporate sector. Kaspersky Lab says.

“The perpetrators have used phishing and malicious spam, including forged business emails, in their pursuit of confidential corporate information: intellectual property, authentication data, databases, bank accounts, etc.”

According to the experts, the importance for organizations of adopting security measures including both – technical protections and training for employees, is a key factor for their online protection.

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.