A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, new Lokibot campaign via HSBC payment advice
New Lokibot campaign via HSBC payment advice. The xz attachment of a fake bank email contains an exe file: the malware
Lokibot (Loki) hides inside a fake HSBC email about a payment advice.
The xz attachment contains an exe file: the malware. The goal of the cybercrime actors behind the operation is to steal sensitive information from the victim. Lokibot (aka Loki PWS and Loki-bot) is an information-stealer, which captures credentials, cryptocurrency wallets and other types of data.