
The trojan malware known as LokiBot or Loki PWS has been identified as a significant threat primarily targeting Windows operating systems. Recent reports indicate that this malware has been disseminated through Microsoft Word files, utilising remote code execution techniques to exploit known vulnerabilities present within the software.


The primary objective of these Word documents is to secretly download an enclosed XML file, which subsequently initiates the delivery of an HTML file. This HTML file, in turn, exploits the Word vulnerabilities, ultimately facilitating the deployment of the LokiBot injector, which is based on the Visual Basic programming language. Security researchers have also uncovered a second attack chain that launches a Visual Basic script and macro upon opening the document.


The intended purpose of this malicious campaign is to covertly collect sensitive information from infected machines. Given these developments, it is essential to exercise utmost caution when handling Word files, especially from unfamiliar sources, to mitigate the risk of falling victim to this harmful malware.

Figure 1 – Graphic showing recently discovered LokiBot delivery methods. Source: https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html

LokiBot is equipped with a range of harmful functionalities, including keylogging, screen capturing, data harvesting, and authentication theft. These capabilities illustrate the malicious nature of the trojan and emphasise the importance of exercising caution when handling email attachments and similar files.

Moreover, researchers have observed that once the malware is delivered, it employs obscure techniques to evade detection by users and antivirus software. As such, it is crucial to remain vigilant and take necessary precautions to protect against this sophisticated threat.

Figure 2 – Example of a LokiBot phishing email. Note the spelling error and suspicious file name. Source: https://www.bleepingcomputer.com/news/security/lokibot-info-stealer-used-in-spear-phishing-attack-on-us-company/

There are a few ways in which you can help reduce the possibility of being infected by malware like LokiBot:

  • Exercise caution when opening and downloading Office documents from an email or the internet, particularly if they are from unfamiliar sources and/or contain external links.
  • Always verify domain names and email addresses to help prevent phishing attempts from luring the user into clicking/downloading harmful links. Double-checking the legitimacy of the URLs you click on is one of the most effective ways of preventing infection.
  • Have antivirus and email filtering enabled to help in detecting these threats early.
  • Update software and operating systems as soon as patches are released, as these may have fixes for the vulnerabilities that LokiBot and its delivery methods exploit.
  • Implement two-factor authentication (2FA), as this makes it harder for LokiBot to gain access to your account if it manages to steal your username/password credentials.
  • Disable macros in Microsoft Word unless they are necessary and come from trusted sources, to minimise the risk of spreading through specific delivery methods. Details of how to do this can be found here.

If you receive a phishing message via email or text, you can report it to the National Cyber Security Centre’s phishing report system.

You can find advice on phishing scams, how to spot phishing attacks, and how to report them below:

Related Links