New Lokibot campaign targeting corporate credentials and cryptocurrency wallets

• The new Lokibot campaign is designed to steal browser credentials, data from messaging apps, email credentials and cryptocurrency wallets’ data.
• The cybercriminals behind the campaign have used fake business emails to steal sensitive and confidential corporate information.

A new Lokibot campaign has been observed targeting corporations. The cybercriminals operating the new campaign is aimed at stealing corporate login credentials as well as the funds stored in cryptocurrency wallets.

In this campaign, Lokibot also steals browser credentials, data from messaging apps, email credentials. All of this data is sent back to the malware operators. The cybercriminals behind this campaign have been sending out copies of Lokibot to corporate email addresses, which they likely uncovered from publicly available souorces, including the targeted company’s own website.

“Imitating messages from well-known corporations is one of the most popular tricks in the hackers’ arsenal. Interestingly enough, fake emails used to be directed mostly at common users and customers, whereas now companies are increasingly the target,” Kaspersky Labs researchers, who uncovered the new campaign, wrote in a blog.

“The scammers passed off malicious files as financial documents: invoices, transfers, payments, etc. This is a fairly popular malicious spamming technique, with the message body usually no more than a few lines and the subject mentioning what exactly is purported to be attached.”

Modus operandi

Lokibot malware operators disguised malicious files as financial documents such as invoices, payments, transfers and more. This kind of spamming technique is fairly popular among cybercriminals. In most cases the message of such malicious emails contain a few lines and the subject refers to what is purported to be attached.

“Every year we observe an increase in spam attacks on the corporate sector. The perpetrators have used phishing and malicious spam, including forged business emails, in their pursuit of confidential corporate information: intellectual property, authentication data, databases, bank accounts, etc,” Kaspersky researchers said. “That’s why today it’s essential for corporate security measures to include both technical protection and training for employees, because their actions may cause irreparable damage to the business.”