Information-stealing malware LokiBot has added a third stage to its process of compromising systems as a way to escape detection. This third stage includes socially engineering users into enabling macros in Microsoft Office, using images to hide code, and widespread encryption of its resources. While attackers would historically do the minimum necessary to compromise a network, they now need to do more as a result of better security procedures.
LokiBot is not alone in its growing sophistication to prevent detection. In October of 2020, Facebook revealed that a Chinese malware gang called SilentFade used browser injections, clever scripting, a Windows trojan, and a Facebook platform bug to infect users with a trojan, hijack the users’ browsers, and steal passwords and browser cookies so the malware gang could hijack Facebook accounts. This resulted in victims losing more than $4 million, which SilentFade used to post malicious Facebook ads across the social network.
Additionally, Microsoft has found that various browsers have been targeted with an ad-injection malware called Adrozek. At the peak of the attack in August, Adrozek was observed on more than 30,000 devices every day.
At-risk browsers include Chrome, Firefox, Edge, and the Russia-based Yandex. The potential for infection increases if users are running older browser versions. Adrozek was first seen in May 2020 and injects phony ads while users attempt to run Internet searches.
Adware-based malware ranges from merely annoying to outright dangerous. It replaces real ads with ones that generate money for the attackers through their clickstream. It may also disable your browser updates and safe-browsing features and change security preferences.
According to Microsoft, we haven’t seen the last of this type of malware attack, and it may be hard to eliminate because of its shape-shifting abilities. Adding to the difficulties facing victims is the fact that the malware can also persist after a reboot, thanks to Windows Registry modifications. Although these malware types are spreading globally, at the moment they are concentrated in Europe and Southeast Asia.
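As an added illustration (not code from the article or from Microsoft's report), the following read-only PowerShell audit checks a machine for the two Adrozek-style changes described above: autorun persistence in the Windows Registry and browser updates or Safe Browsing switched off. The Registry paths are the standard Windows autorun keys and the vendors' published policy locations; the "user-writable path" heuristic and the list of policies checked are assumptions chosen for this example.

```powershell
# Added example: read-only audit for Adrozek-style Registry changes.
# Prints findings for a human to triage; it changes nothing.
# Paths are standard Windows/vendor locations, not taken from the article;
# the heuristics below are assumptions, not Microsoft's detection logic.

$findings = @()

# 1. Autorun persistence: entries launching from user-writable locations
#    (AppData, Temp, ProgramData, Public) deserve a second look.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$userWritable = '\\(AppData|Temp|ProgramData|Users\\Public)\\'   # assumed heuristic
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip provider metadata (PSPath etc.)
        if ("$($p.Value)" -match $userWritable) {
            $findings += "Autorun from user-writable path: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 2. Browser updates or Safe Browsing disabled through policy keys.
#    Each entry: policy key, value name, and the value that means "off".
$policyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Google\Update';        Name = 'UpdateDefault';               Off = 0; What = 'Chrome updates' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'; Name = 'UpdateDefault';               Off = 0; What = 'Edge updates' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox';      Name = 'DisableAppUpdate';            Off = 1; What = 'Firefox updates' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome';        Name = 'SafeBrowsingProtectionLevel'; Off = 0; What = 'Chrome Safe Browsing' }
)
foreach ($c in $policyChecks) {
    if (-not (Test-Path $c.Path)) { continue }
    $v = (Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue).($c.Name)
    if ($null -ne $v -and [int]$v -eq $c.Off) {
        $findings += "$($c.What) disabled by policy: $($c.Path)\$($c.Name) = $v"
    }
}

if ($findings.Count -eq 0) { 'No Adrozek-style Registry changes found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

A hit is a lead, not a verdict: legitimate software also installs autorun entries, and administrators sometimes set these policies on purpose, so compare any finding against the machine's known configuration.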
If you are still having trouble, consider contacting a remote technical support service.