Port 22

LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that it has improved its capabilities for staying undetected within a system via an updated persistence mechanism and the use of steganography to hide its code.

The post LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks appeared first on .