Cyber attacks are getting cheaper: the new LokiBot is now available to the most impoverished hackers

For a penny, you get updated malware with modern features.

Cybersecurity company Cofense reports that LokiBot, one of the most popular ransomware programs, has become even more accessible to cybercriminals. The malware attracts attention for its simplicity and low cost, which makes it particularly attractive to a wide range of attackers.

LokiBot history and features

LokiBot was first introduced in 2015 on underground forums by a hacker under the pseudonym "lokistov", also known as "Carter", according to researchers from Cofense. Initially distributed on black markets in Eastern Europe, LokiBot became widely known in 2018. The malware quickly became popular and entered the top 5 families of malware distributed through phishing emails.

Reduced prices and new versions

Initially, LokiBot was priced from $450 to $540, depending on the selected version and additional features. However, after the source code was leaked in 2018, its price dropped to $80. It is assumed that either someone hacked the source code, or the creators themselves were victims of a hacker attack.

New versions of LokiBot include more sophisticated detection evasion techniques, as well as additional features for data theft and remote access.

How LokiBot works

LokiBot is usually distributed via email as an attachment or by exploiting vulnerabilities such as CVE-2017-11882. Once downloaded and run, the malicious code enters the system and begins collecting confidential information, including credentials from more than 100 different clients. It then builds a specialized HTTP packet and sends it to the C2 server.

LokiBot infects computers, then searches for locally installed applications and extracts usernames and passwords from their internal databases. By default, LokiBot can attack browsers, email clients, FTP applications, and cryptocurrency wallets.

How to detect a threat

LokiBot is relatively easy to detect, as it actively connects to its C2 server. Most antivirus programs easily detect LokiBot because of its simplicity. You can also use specific strings in the application and network traffic to identify LokiBot.

The researchers emphasize that the main way to prevent the installation of LokiBot is not to allow unknown downloads from suspicious emails. Given the reduced price and ease of use, LokiBot remains one of the most dangerous tools in the arsenal of cybercriminals. This highlights the need for continuous monitoring and updating of security systems to protect against such threats.

In July, experts from FortiGuard Labs revealed a large-scale campaign to distribute the LokiBot malware (Loki PWS). The threat is notable for exploiting two known vulnerabilities, including the Follina vulnerability.
 