LokiBot is more Banking Trojan than Ransomware

With each passing day, security threats are increasing. Security threats like Malware & Ransomware are becoming a daily threat.  Security researchers from SfyLabs have identified A new Android banking Trojan “LokiBot”.

The malware is more banking trojan than ransomware — according to SfyLabs researchers.

Though the malicious Android banking Trojans turns into ransomware and locks the user’s device as soon as they try to remove its admin privileges.

LokiBot Targets:

It targets mobile banking applications as well as non-banking applications like WhatsApp, Skype, Outlook and other social media apps.

The malware is also capable of stealing user’s contacts, reading and sending SMS messages and locking out users from accessing their phones.

LokiBot Capabilities:

The malware mainly works on Android version 4.0 and higher versions of the operating system. Just like other Android banking trojans, LokiBot works by showing fake login screens on top of popular apps.

If users try to remove its administrator privileges, LokiBot will trigger its ransomware behavior.

LokiBot has a unique way of hijacking the mobile’s web browser. It helps the malware to download and install the SOCKS5 proxy.

It’s able to steal your contacts, perform overlay attacks, read and send SMS messages, spam your contacts with SMS messages, and upload your browser history to criminals’ servers.

LokiBot shows fake notifications to users to confuse them and make them think that they have received money in their bank account from some unknown sources.

This can make users open the mobile banking application and login to their accounts. The moment a user taps the notification, the malware shows the phishing overlay, instead of the real application.

LokiBot Loophole:

Thankfully LokiBot cannot encrypt the user’s data completely because it is not perfect yet.

“The encryption function in this ransomware utterly fails, because even though the original files are deleted, the encrypted file is decrypted [immediately] and written back to itself,” SfyLabs says. “Thus, victims won’t lose their files, they are only renamed.”

LokiBot Threat:

However, the data may not get encrypted but the user does get locked out of their phone. In addition with a ransom note asking between $70 and $100.

showing a message: “Your phone is locked for viewing child pornography.”

Booting into Safe Mode and removing the infected app and privileges can help the user get back the access to their devices.

According to security experts at SyfLabs LokiBot have already ransomed in over $1.5m in Bitcoins.

The cybercriminals behind this LokiBot trying to sell this on the dark web to other criminals. LokiBot is currently worth about $2,000 in Bitcoin on the Dark Web.

NEXT |BlueBorne Exploit: Everything You Need To Know

Sarajit Das

Recent Posts

Apple Event 2022: Have A Look At List And Specifications Of All The Launches

Apple Event 2022: Apple with its first event of the year has brought in a…

3 years ago

Facebook Is Now Meta; A New Up-gradation To The World Of Social Media

Facebook Is Now Meta: Facebook for decades has stood to be one of the greatest…

3 years ago

Best Smartwatch 2021; Wearables For Android And iOS Smartphone

Best Smartwatch 2021: Smartwatches have managed to be a part of one's attire not just…

3 years ago

Unveil The Xiaomi Event: Learn About All The Launches From The House

Xiaomi Event has finally hit the entire globe revealing ample products including the much-awaited Xiaomi…

3 years ago

Uncover The Apple Event 2021; Have A Glance At All The Launches

The most awaited Apple Event 2021 has finally revealed a bunch of its products ranging…

3 years ago

iPhone 13 Series Expected Features And Rumors Before Launch

The Apple event is round the corner and this approaching event is letting ample speculations…

3 years ago