Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Security experts from Kaspersky Lab have uncovered a new spam campaign leveraging the Loki Bot malware to target corporate mailboxes.

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets

Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

The messages use attachments with .iso extensions, a type of file that worked as a container for delivering malware.

“Starting fromearly July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .isoextension that Kaspersky Lab solutions detect as Loki Bot.” reads the analysispublished by Kaspersky.

“The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot dispatches all its loot to the malware owners.”

The messages masquerade as notifications from other companies, or as orders and offers.

Threat actors are sending out copies of Loki Bot to company email addresses that were available on public sources or from the companies’ own websites.

Experts observed different spam messages including fake notifications from well-known companies, fake notifications containing financial documents, and fake orders or offers.

Researchers highlighted the importance for organizations of adopting security measures that include both technical protections and training for employees.

“Every year we observe an increase in spam attacks on the corporate sector.” Kaspersky concludes.

“The perpetrators have used phishing and malicious spam, including forged business emails, in their pursuit of confidential corporate information: intellectual property, authentication data, databases, bank accounts, etc.” 

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase