
Earlier this month, a second campaign was observed spreading LokiBot. In this instance, the phishing email included a compressed RAR file, which installs LokiBot upon execution. In both campaigns, there were easy-to-spot signs that the emails were likely malicious, including uncommon senders, unexpected attachments, generic greetings, and awkward language that would be unexpected in a professional email.
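The warning signs named above (an uncommon sender, an unexpected RAR attachment, a generic greeting) can be checked mechanically during mail triage. The Python code below is an added example, not part of the NJCCIC advisory; the greeting pattern, the known-sender allow-list, the finding labels and every sample address are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# RAR signatures: "Rar!\x1a\x07\x00" (RAR 1.5-4.x) and "Rar!\x1a\x07\x01\x00" (RAR 5).
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Assumed pattern for impersonal salutations; tune it to your own mail flow.
GENERIC_GREETING = re.compile(
    r"^\s*(dear\s+(sir|madam|customer|user|client)\b|greetings\b)", re.IGNORECASE)

def triage(raw_message: bytes, known_senders: set) -> list:
    """Return the warning signs found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in known_senders:
        findings.append("unknown_sender")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and GENERIC_GREETING.match(body.get_content()):
        findings.append("generic_greeting")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Match on content, not file name: an archive can carry any extension.
        if data.startswith(RAR_MAGIC):
            findings.append("rar_attachment")
            name = part.get_filename() or ""
            if not name.lower().endswith(".rar"):
                findings.append("rar_extension_mismatch")
    return findings

def build_sample(sender, body_text, attachment=None, filename=None) -> bytes:
    """Build a constructed test message (no real campaign data)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "employee@corp.example"
    msg["Subject"] = "Invoice"
    msg.set_content(body_text)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename=filename)
    return bytes(msg)

if __name__ == "__main__":
    known = {"billing@partner.example"}  # hypothetical allow-list
    sample = build_sample("accounts@sender.example", "Dear Customer,\nSee attached.",
                          RAR_MAGIC[1] + b"\x00" * 16, "invoice.pdf")
    print(triage(sample, known))
```

The findings are meant to raise a message for review, not to replace endpoint or behavior-based detection.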
Recommendations
- Avoid clicking links and opening attachments in unsolicited emails.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Review the NJCCIC product "Don't Take the Bait! Phishing and Other Social Engineering Attacks" for more information on common phishing and social engineering attacks.
- Facilitate user awareness training to include these types of phishing-based techniques.
- Maintain robust and up-to-date endpoint detection tools on every endpoint.
- Consider leveraging behavior-based detection tools rather than signature-based tools.
- Phishing and other malicious cyber activity can be reported to the FBI's IC3 and the NJCCIC.
