Lokibot malware swipes banking data by installing a keylogger
Data stealing is very common nowadays: most likely, you have already fallen victim to such a theft with or without knowing it. Some reports say that during the past year alone, an average US citizen had their data stolen four times or even more!
There is a number of techniques, which cyberthieves use to get hold of these data. For example, such tactics as phishing and malicious attachments to emails have long been popular, and the pandemic of COVID-19 actually provided cybercriminals with an idea for an effective bait.
Yet another new COVID-19-themed phishing campaign is taking place right now. The piece of malware distributed within this campaign not only can track everything you type on your keyboard – it can deprive you of your credit card data.
Lokibot messes everything up
Microsoft promptly issued an urgent notice about the new phishing campaign, which installs a keylogger on victims’ devices. Email attachments, distributed within the campaign, contain dangerous malware called Lokibot. Cybercrooks use subjects related to COVID-19 in order to trick victims into opening the email.
Lokibot is dangerous because when your system is infected, the malware silently waits for you to access specific resources such as PayPal and similar platforms or bank websites. When you are logging in your account, Lokibot records the keystrokes and sends these data back to the criminals.
At first, COVID-19-related phishing campaigns had their subject lines related to various news about spreading of the virus, info ostensibly about treatments, etc. But with several states’ easing stay-at-home restrictions, such campaigns are switching to other baits as well.
For example, one of such emails ostensibly from the “Center for Disease Control & Management” promises info on some “Business Continuity Plans” – it’s clear that this campaign is aimed at business owners. The real organization named Centers for Disease Control & Prevention has nothing to do with these infested emails.
How not to fall victim to Lokibot?
Lokibot is a typical example of so-called spyware - a large family of programs, which steal your personal data sending them back to the software’s distributors. One of the most dangerous kinds of spyware is keylogging software, or simply keyloggers. One of the simplest common-sense tips is staying clear from emails from unfamiliar sources, especially the ones with attachments. Just never open spam emails, however attractive their subject line might seem.
Luckily, this campaign has been promptly detected by Threat Protection’s machine learning algorithms from Microsoft. It allowed Microsoft to identify this malware on time, so now Windows Defender users are automatically protected from this particular malware.