silversurfer
Read more below:

The authors behind LokiBot info-stealer have turned to steganography to add a new layer of obfuscation, the researchers discovered in a recent variant of the malware.
LokiBot is currently under active development, with developers adding a bundle of features over the years. It can steal browser information from over 25 different products, check for remote administration tools (SSH, VNC, RDP), and find credentials for email and file transfer clients.
Researchers at Trend Micro discovered that new strains of LokiBot use image files to hide code needed for its unpacking routine.
Lokibot Uses Image Files to Hide Code for Unpacking Routine
LokiBot Gains New Persistence Mechanism, Steganography
LokiBot has added various capabilities over the years. Our analysis of a new LokiBot variant shows its updated persistence mechanism and its use of steganography to hide its code.