With each passing day, security threats are increasing. Security threats like Malware & Ransomware are becoming a daily threat. Security researchers from SfyLabs have identified A new Android banking Trojan “LokiBot”.
Though the malicious Android banking Trojans turns into ransomware and locks the user’s device as soon as they try to remove its admin privileges.
It targets mobile banking applications as well as non-banking applications like WhatsApp, Skype, Outlook and other social media apps.
The malware is also capable of stealing user’s contacts, reading and sending SMS messages and locking out users from accessing their phones.
The malware mainly works on Android version 4.0 and higher versions of the operating system. Just like other Android banking trojans, LokiBot works by showing fake login screens on top of popular apps.
LokiBot has a unique way of hijacking the mobile’s web browser. It helps the malware to download and install the SOCKS5 proxy.
It’s able to steal your contacts, perform overlay attacks, read and send SMS messages, spam your contacts with SMS messages, and upload your browser history to criminals’ servers.
LokiBot shows fake notifications to users to confuse them and make them think that they have received money in their bank account from some unknown sources.
This can make users open the mobile banking application and login to their accounts. The moment a user taps the notification, the malware shows the phishing overlay, instead of the real application.
Thankfully LokiBot cannot encrypt the user’s data completely because it is not perfect yet.
“The encryption function in this ransomware utterly fails, because even though the original files are deleted, the encrypted file is decrypted [immediately] and written back to itself,” SfyLabs says. “Thus, victims won’t lose their files, they are only renamed.”
However, the data may not get encrypted but the user does get locked out of their phone. In addition with a ransom note asking between $70 and $100.
showing a message: “Your phone is locked for viewing child pornography.”
Booting into Safe Mode and removing the infected app and privileges can help the user get back the access to their devices.
According to security experts at SyfLabs LokiBot have already ransomed in over $1.5m in Bitcoins.
The cybercriminals behind this LokiBot trying to sell this on the dark web to other criminals. LokiBot is currently worth about $2,000 in Bitcoin on the Dark Web.
Apple Event 2022: Apple with its first event of the year has brought in a…
Facebook Is Now Meta: Facebook for decades has stood to be one of the greatest…
Best Smartwatch 2021: Smartwatches have managed to be a part of one's attire not just…
Xiaomi Event has finally hit the entire globe revealing ample products including the much-awaited Xiaomi…
The most awaited Apple Event 2021 has finally revealed a bunch of its products ranging…
The Apple event is round the corner and this approaching event is letting ample speculations…