New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs


During their research, FortiGuard Labs recently made a worrying discovery: a number of malicious Microsoft Office documents built to exploit well-known flaws. These documents use the remote code execution vulnerabilities CVE-2021-40444 and CVE-2022-30190 (Follina) to install the LokiBot (also known as Loki PWS) malware on victims' PCs.

User data is seriously at risk because LokiBot, a notorious Trojan active since 2015, specialises in stealing private data from Windows computers. FortiGuard Labs first acquired and examined two different kinds of Word documents, each of which posed serious risks to unsuspecting victims. The first kind contained an external link embedded in an XML file named “word/_rels/document.xml.rels”.
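For triage, the relationship parts of a Word file can be checked for external targets like the one described above. The following is an added example, not code from FortiGuard Labs or from the original article; the sample package, its URLs and the relationship types in it are constructed, and treating every non-hyperlink external relationship as suspicious is an assumed heuristic.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted samples, prefer a hardened parser such as defusedxml

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1 << 20  # do not inflate relationship parts larger than 1 MiB

def external_relationships(docx):
    """Return (rels_part, rel_type, target) for each TargetMode="External" relationship."""
    findings = []
    with zipfile.ZipFile(docx) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                findings.append((info.filename, "oversized-part", ""))
                continue
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((info.filename, rel_type, rel.get("Target", "")))
    return findings

def is_suspicious(finding):
    # Ordinary hyperlinks are external too; any other external type means
    # Word may fetch remote content when the document is opened.
    return finding[1] != "hyperlink"

def build_sample():
    """Constructed sample: a minimal package holding only word/_rels/document.xml.rels."""
    rels = f'''<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{REL_TYPE}hyperlink" Target="https://example.com/" TargetMode="External"/>
  <Relationship Id="rId2" Type="{REL_TYPE}oleObject" Target="https://placeholder.invalid/x.html" TargetMode="External"/>
  <Relationship Id="rId3" Type="{REL_TYPE}styles" Target="styles.xml"/>
</Relationships>'''
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for part, rel_type, target in filter(is_suspicious, external_relationships(build_sample())):
        print(f"{part}: external {rel_type} -> {target}")
```

`external_relationships` also accepts a file path, so it can be pointed at a quarantined attachment instead of the constructed sample.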

