Melisande Mual
25 Oct 2017 / 5 Min Read
According to SfyLabs researchers, the malware is more of a banking trojan than ransomware, and is used primarily for that purpose. Like similar Android banking trojans, LokiBot works by showing fake login screens on top of popular apps. LokiBot targets mobile banking apps by design, but also popular non-banking apps such as Skype, Outlook, and WhatsApp.
LokiBot has its own unique features compared to other Android banking trojans. For starters, it can open a mobile browser and load a URL, and it will install a SOCKS5 proxy to redirect outgoing traffic. It can also automatically reply to SMS messages and send SMS messages to all of the victim's contacts, a feature most likely used to send SMS spam and infect new users.
LokiBot can also show fake notifications disguised as coming from other apps. The malware uses this feature to trick users into thinking they have received money in their bank account, so that they open the mobile banking app. When the user taps the notification, LokiBot shows the phishing overlay instead of the real app.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professionals in the global payment community.