LokiBot Malware Targets Windows Users in Office Document Attacks
Windows users have been targeted again by the sophisticated malware known as LokiBot, which is spreading through malicious Office documents.
According to a new advisory by Fortinet security researcher Cara Lin, attackers are leveraging known vulnerabilities, such as CVE-2021-40444 and CVE-2022-30190, to embed malicious macros within Microsoft Office documents.
Once executed, these macros drop the LokiBot malware onto victims’ systems, allowing the attackers to control and collect sensitive information.
LokiBot, a notorious Trojan active since 2015, specializes in stealing sensitive information from infected machines, primarily targeting Windows systems.
FortiGuard Labs conducted an in-depth analysis of the identified documents, exploring the payload they delivered and highlighting the behavioral patterns exhibited by LokiBot.
The investigation revealed that the malicious documents employed various techniques, including the use of external links and VBA scripts, to initiate the attack chain.
The LokiBot malware, once deployed, used evasion techniques to avoid detection and executed a series of malicious activities to gather sensitive data from compromised systems.
“It’s serious in three ways,” said John Gallagher, vice president of Viakoo Labs at Viakoo, referring to the new attack. “It’s new packaging for LokiBot and may not be detected easily, it is effective in covering its tracks and obfuscating its process, and it can lead to significant personal and business data being exfiltrated.”
To protect against this threat, users are advised to exercise caution when dealing with Office documents or unknown files, particularly those containing external links.
“Fortunately, Microsoft is on top of the problem from a resolution and workaround perspective, so it’s imperative that we remind everyone to keep their endpoint protection products current,” commented Andrew Barratt, vice president at Coalfire.
“This also shows the value of email filtering solutions that can actively scan an attachment before it lands in someone’s inbox.”
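One way a mail gateway or analyst could triage attachments for the two delivery features described above, external links and VBA scripts, is to inspect the OOXML package without opening it in Office. This is an added example, not code from Fortinet or the article; the function names, the `AUTO_LOAD` list and the sample document are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OD = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship types resolved without a user click (illustrative, not exhaustive).
AUTO_LOAD = {"oleObject", "attachedTemplate", "frame"}
MAX_PART = 1 << 20  # refuse to inflate oversized parts (zip-bomb guard)

def triage_ooxml(data: bytes) -> dict:
    """List external relationships and VBA parts in an OOXML (.docx/.xlsx) file."""
    out = {"auto_external": [], "other_external": [], "vba_parts": [], "errors": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                out["vba_parts"].append(name)
            if not name.lower().endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                out["errors"].append(name)
                continue
            try:
                # Stdlib parser keeps this self-contained; for untrusted mail
                # attachments a hardened parser such as defusedxml is preferable.
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                out["errors"].append(name)
                continue
            for rel in root.iter(REL):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                bucket = "auto_external" if kind in AUTO_LOAD else "other_external"
                out[bucket].append((name, kind, rel.get("Target", "")))
    return out

def build_sample() -> bytes:
    """Constructed test document: one external OLE link, one hyperlink, a VBA part."""
    rels = (f'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{OD}oleObject" Target="https://example.invalid/a.html" TargetMode="External"/>'
            f'<Relationship Id="rId2" Type="{OD}hyperlink" Target="https://example.invalid/help" TargetMode="External"/>'
            f'<Relationship Id="rId3" Type="{OD}styles" Target="styles.xml"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

Ordinary hyperlinks also carry `TargetMode="External"`, so the split between `auto_external` and `other_external` is what keeps the check from flagging every document that contains a link.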
The Fortinet advisory comes days after Barracuda Networks published a report suggesting a relatively small group of scammers, numbering fewer than 100 individuals, is responsible for global email extortion.