Microsoft has found a new COVID-19 phishing
campaign targeting businesses using the LokiBot information-stealing Trojan.
Microsoft Security Intelligence twitted today
details of detected campaign.
LokiBot steals login credentials from
different browsers, mail, FTPs, save them and then send to the attackers’
server. Microsoft was able to detect this attack using Microsoft Threat
Protection’s machine learning algorithms.
According to Microsoft, new phishing campaign
used COVID-19 lures to trick victims to open malicious attachment.
The first email pretends to be from the
Centers for Disease Control (CDC) with COVID-19 update and “Business continuity
plan announcement starting May 2020”.
The second email pretends to be from a vendor
and asking to update banking information.
Both emails contain malicious ARJ (archive skipped
by anti-malware scanners) attachment. When victims open attachment, they get
infected by LokiBot Trojan.
No comments:
Post a Comment