Security News > 2020 > April > Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure.
Instead, it sends an attachment that unleashes the infostealer LokiBot if downloaded and executed, according to a blog post published Thursday by threat analyst Val Saengphaibul.
If they do, the file infects the victim's system with Lokibot, an infostealer that lifts a variety of credentials from the user's system - including FTP credentials, stored email passwords, passwords stored in the browser and others, he said.
LokiBot is a prolific trojan that's infamous for being simple and effective in its ability to covertly siphon information from compromised endpoints.
Various versions of LokiBot also in the past were sold on underground markets for as little as $300. Since it was first detected, the new spearphishing campaign has gone global, with Turkey, Portugal, Germany, Austria and the United States showing the highest incidents, according to the post.