LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files

Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack.

A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages include a malicious .zipx attachment hidden inside a .PNG file that can slip past some email security gateways.

According to Trustwave SpiderLabs, which first spotted the .PNG/LokiBot messages, the spam campaigns delivering the trojan have been limited in scope so far. “This represents an extension to the existing ways LokiBot is delivered via email,” said Phil Hay, senior research manager at Trustwave.

LokiBot is a prolific trojan designed to covertly siphon information from compromised endpoints. The malware is known for being simple and effective and for its adoption of diverse attachment types. The malware is a commodity in underground markets, with versions selling for as little as $300.
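A gateway-side check for the archive-inside-.PNG delivery described above, as an added example that is not from Trustwave or the original article: it walks the PNG chunk structure and flags ZIP signatures either inside a chunk or after the IEND chunk. Where the archive sits in the file is an assumption, since the article does not say; `inspect_png`, `make_samples` and the sample files are constructed for illustration.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_SIGS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, end of central directory

def inspect_png(data):
    """Walk PNG chunks and report ZIP signatures inside chunks or after IEND."""
    report = {"is_png": data.startswith(PNG_SIG), "trailing_bytes": 0,
              "zip_in_trailer": False, "zip_in_chunks": []}
    if not report["is_png"]:
        return report
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length            # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            break                          # truncated or malformed chunk
        body = data[pos + 8:pos + 8 + length]
        if any(sig in body for sig in ZIP_SIGS):
            # Lower confidence: compressed IDAT data can contain these bytes by chance.
            report["zip_in_chunks"].append(ctype.decode("latin-1"))
        pos = end
        if ctype == b"IEND":
            trailer = data[pos:]           # IEND marks the end of the PNG datastream
            report["trailing_bytes"] = len(trailer)
            report["zip_in_trailer"] = any(sig in trailer for sig in ZIP_SIGS)
            break
    return report

def _chunk(ctype, body):
    """Build one PNG chunk with a valid CRC (used only for the constructed samples)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_samples():
    """Constructed inputs: a 1x1 PNG, and the same PNG with a benign ZIP appended."""
    png = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample, harmless")
    return png, png + buf.getvalue(), len(buf.getvalue())

if __name__ == "__main__":
    clean, carrier, _ = make_samples()
    print("clean  :", inspect_png(clean))
    print("carrier:", inspect_png(carrier))
```

Any non-zero `trailing_bytes` on an image attachment is worth a closer look on its own; a ZIP signature in the trailer is the stronger signal.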

Source: ThreatPost