LokiBot Malware Targets Windows Users in Office Document Attacks

Windows users are once again being targeted by sophisticated malware known as LokiBot, which spreads through malicious Office documents.

According to a new advisory by Fortinet security researcher Cara Lin, attackers can use known vulnerabilities such as CVE-2021-40444 and CVE-2022-30190 to embed malicious macros within Microsoft Office documents.

Once executed, these macros drop the LokiBot malware on the victim’s system, allowing the attacker to control and collect sensitive information.

LokiBot is a notorious Trojan that has been around since 2015 and primarily targets Windows systems, specializing in stealing sensitive information from infected machines.


FortiGuard Labs conducted an in-depth analysis of the identified documents, examining the payloads they delivered and uncovering patterns of behavior exhibited by LokiBot.

The investigation revealed that the malicious documents used various techniques to initiate the attack chain, including external links and VBA scripts.

Once deployed, LokiBot malware performs a series of malicious activities that use evasive techniques to avoid detection and gather sensitive data from compromised systems.

“This is serious for three reasons,” said John Gallagher, vice president of Viakoo Labs at Viakoo. “This is a new LokiBot package that may not be easily detected, but is effective in covering its tracks and obfuscating its processes, potentially exfiltrating sensitive personal and business data.”

To protect themselves from this threat, users are advised to be careful when working with Office documents and unknown files, especially those containing external links.

“Fortunately, Microsoft is leading the charge in terms of solutions and workarounds, so it is imperative that we notify everyone to keep their endpoint protection products up to date,” said Coalfire vice president Andrew Barratt.

“It also shows the value of an email filtering solution that can actively scan attachments before they reach someone’s inbox.”
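As an added illustration of the attachment scanning mentioned above (not code from the Fortinet advisory or from this article), the following Python example reports the two document traits the analysis highlights, external links and VBA, in an OOXML file. The function names, the size cap and the sample package are assumptions constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # assumed cap: ignore parts with a large declared size


def scan_ooxml(data: bytes) -> dict:
    """List non-hyperlink external relationships and VBA parts in an OOXML file."""
    found = {"external": [], "vba": [], "skipped": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                found["vba"].append(name)
            if not name.lower().endswith(".rels"):
                continue
            raw = zf.read(info) if info.file_size <= MAX_PART else b""
            # Relationship parts need no DTD; do not feed entity tricks to the parser.
            if not raw or b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
                found["skipped"].append(name)
                continue
            for rel in ET.fromstring(raw).iter(PKG + "Relationship"):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                # Ordinary hyperlinks are external too, so they are not reported.
                if rel.get("TargetMode") == "External" and kind != "hyperlink":
                    found["external"].append((name, kind, rel.get("Target")))
    return found


def build_sample() -> bytes:
    """Constructed, inert package for the demo (not a real document)."""
    def rel(rid, kind, target, external):
        mode = ' TargetMode="External"' if external else ""
        return f'<Relationship Id="{rid}" Type="{OFFICE}{kind}" Target="{target}"{mode}/>'
    rels = (f'<Relationships xmlns="{PKG[1:-1]}">'
            + rel("rId1", "styles", "styles.xml", False)
            + rel("rId2", "hyperlink", "https://example.com/", True)
            + rel("rId3", "oleObject", "https://host.invalid/page.html", True)
            + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_ooxml(build_sample()))
```

A hit is a reason to quarantine or inspect the attachment, not proof of malice: legitimate documents also carry macros and linked content.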

Fortinet’s advisory comes days after Barracuda Networks released a report suggesting that a relatively small group of fewer than 100 fraudsters was responsible for global email extortion.
