The xz attachment of a fake bank email contains an exe file: the malware.
Cybercrime, new Lokibot campaign via SWIFT transfer

New Lokibot campaign also via SWIFT transfer. The doc attachment contacts a url from which it downloads the malware. The campaign is not geofenced and there are no blacklists
“RE: SWIFT DETAILS- TT DETAILS-BANK TRANSFER” is the subject of a new email, which conveys a Lokibot campaign.
The doc attachment contacts a url from which it downloads the malware. The campaign is not geofenced and there are no blacklists. The goal of the cybercrime behind the operation is to steal sensitive information from the victim. Lokibot (aka Loki PWS and Loki-bot) is an information-stealer, which captures credentials, cryptocurrency wallets and other types of data.