LokiBot Malware Can Now Hide Its Source in Different File Formats

LokiBot is a pop malware that keeps getting updated with new features and capabilities. The latest update brings in a major feature that allows it to become more undetectable and stealthy.

The new feature is the ability to hide the source code of the malware inside files. This technique of hiding codes in other file formats is known as steganography and information technology is not limited to but image files and can be done on a variety of other file formats. While steganography can be used for a lot of constructive purposes similar hiding ownership identification data to evidence custody, using it in malware can consequence in undesirable results.

According to the researchers at Trend Micro, information technology has been known that LokiBot malware was used in emails. The attachments in the email had the normal .doc format. Only, it turns out the file was really in Excel and .json format which led to VBS macro code execution that was embedded in the worksheet. Tendency Micro has given a pictorial representation of the menses of the process which you lot can see below.

Upon farther investigation on files flagged on VirusTotal, they were able to identify LokiBot'due south source code on an image of popular Australian singer Sia.

"As one of the well-nigh active information stealers in the wild today, LokiBot shows no signs of slowing down. The updates to its persistence and obfuscation mechanisms show that LokiBot is nonetheless beingness updated and will probable remain a threat to be dealt with in the near future.", remarks Trend Micro.

LokiBot has the potential to steal information from your PC, behave like a keylogger to rail all your keystrokes or even constitute backdoors in your organisation. Since malware is getting more powerful every 24-hour interval, nosotros hope anti-malware companies catch up on actively detecting and blocking them without causing much impact.