Threat Watch

Corporate Mailboxes Have Been the Target of Loki Bot Operators

Malicious attachments come in many different forms. In this case, corporate inboxes have been receiving messages disguised as orders or offers from other companies. All of the emails that were obtained came from the public-facing websites of the companies being targeted. The messages can infect the system through an attached ISO file. It is believed that the extension is associated partly with copies of optical discs, which are then mounted to access their content. Dedicated software that handles the extension still exists, while modern operating systems can mount ISO files directly. ISO files represent complete images of optical discs, which has given cybercriminals the ability to use them as containers to distribute malicious content. “The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot dispatches all its loot to the malware owners.” This is a good example of why employees should go through extensive training on technical protection, because negligent actions by employees can affect the entire company.
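A mail-gateway style check for the delivery method described above, as an added example that is not part of the original bulletin: it flags attachments that carry the `.iso` extension or the ISO 9660 volume signature (`CD001` at byte 32769), so a disc image is caught even when it is mislabelled. The function names, addresses and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

DISK_IMAGE_EXTS = (".iso",)
ISO9660_MAGIC = b"CD001"
# Primary volume descriptor sits in sector 16 (2048-byte sectors);
# the signature follows its one-byte type field.
ISO9660_MAGIC_OFFSET = 16 * 2048 + 1


def looks_like_iso(payload: bytes) -> bool:
    """True when the payload carries the ISO 9660 volume signature."""
    end = ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)
    return payload[ISO9660_MAGIC_OFFSET:end] == ISO9660_MAGIC


def flag_iso_attachments(raw: bytes) -> list:
    """Return (filename, reasons) for every attachment that is a disc image."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(DISK_IMAGE_EXTS):
            reasons.append("extension")
        if looks_like_iso(data):
            reasons.append("iso9660-signature")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed test message: two disc images and one harmless PDF stub."""
    msg = EmailMessage()
    msg["From"] = "sales@supplier.example"
    msg["To"] = "info@corp.example"
    msg["Subject"] = "Purchase order"
    msg.set_content("Please see the attached order.")
    iso = bytearray(17 * 2048)  # empty image with only the signature set
    iso[ISO9660_MAGIC_OFFSET:ISO9660_MAGIC_OFFSET + 5] = ISO9660_MAGIC
    msg.add_attachment(bytes(iso), maintype="application", subtype="octet-stream", filename="order.pdf")
    msg.add_attachment(bytes(iso), maintype="application", subtype="x-iso9660-image", filename="Offer.ISO")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in flag_iso_attachments(build_sample()):
        print(f"quarantine {name}: {', '.join(reasons)}")
```

A gateway can quarantine or strip anything this returns, since disc images are rarely a legitimate way to send an order or offer.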

ANALYST NOTES