Wednesday | Apr 30 2025 |

New Loki Bot Malware steals Data from Emails, Browsers and FTP Client

BW Online Bureau Sep 03, 2018

A new variant of Loki Bot Malware has been recently discovered, spreading as a .iso extension that targets Corporate network and applications to steal passwords from Browsers, Messaging Applications, Mail and FTP Client.

The Loki malware is mainly targeting corporate networks across the globe and steal a large amount of sensitive information.

How is the malware spreading?
Hackers have been spreading the malicious payload via email that contains a .iso attachment(ISO images are copies of optical discs that can be mounted in a virtual CD/DVD drive to be used in the same way as the originals).  Once the user clicks on the .iso attachment the malware is downloaded into their system.

Hackers have been using various social engineering techniques like fake notification from reputed companies, ordering forms, etc., to get the user into downloading the malware.

Ankush Johar, director at Infosec Ventures, said: "It's no rocket science for the attackers to scam reputed organisations and consumers with phishing emails intended to steal confidential information. Low tech is crucial and can do as much harm as is done by High Tech.

"Humans are the weakest link in cybersecurity. Most advanced attacks are done by social engineering on this human layer. Users should be vigilant while clicking links and opening unknown emails.

"You are responsible for your own security of data. Few tips that should be followed:

* Never click on unknown links or reply to spam emails.
* Your bank or organization will never ask for any confidential data over phone or email.
* Be aware of any social engineering tactics that can be used by hackers to steal data.
* Use strong alphanumeric passwords.
* Never leave your system unattended.
* Do not connect to unknown WiFi networks.
* Use two-factor authentication wherever possible.
* Keep your system updated with legitimate antivirus software
* If you are running an organization, train your employees and make them aware of the common phishing attacks. Hackers often target employees in order to gain confidential information.

Also Read

SECURITY
Sep 11, 2024
CIA’s CIO La’Naia Jones Discusses AI Driving National Security
3 mins read
SECURITY
Aug 27, 2024
OpenAI backs California's AI legislation mandating "watermarking" of synthetic material.
2 mins read
SECURITY
Sep 08, 2021
Wipro and Securonix Announce Partnership to Deliver Managed Security Services
3 mins read
SECURITY
Jun 16, 2021
Factors To Consider For The Security Of Cloud Infrastructure
5 mins read
SECURITY
Feb 25, 2021
Digitalization Brings Forth A New Area Of Expertise For CFOs: Cybersecurity
5 mins read
SECURITY
Dec 29, 2020
Cybersecurity Tips For The Household CIO Of 2020
4 mins read

Subscribe to our newsletter to get updates on our latest news