With the increased use of online mediums such as email, social media platforms, and messenger apps for communication, it has attracted bad actors to prey on naive users.
Cybercriminals are using creative techniques to lure potential victims with formal messages offering jobs or with threats of seizing bank accounts and asking them to click links or download the document to view the information. But, unsuspecting users download them, which contain malware on the PC.
In the latest instant, cyber experts at FortiGuard Labs have uncovered a couple of security loopholes in Microsoft Word that allows criminals to implant LokiBot malware in Word document and send them to victims.
The document comes with an external link and the unsuspecting user will fall for the trap and download a next-stage malicious payload, which by the way is capable of checking whether the system has any debugger and avoiding detection. Once implanted, the third stage begins. The Lokibot trojan can scan through the system to find sensitive information and send it to a remote server controlled by bad actors.
"LokiBot is a long-standing and widespread malware active for many years. Its functionalities have matured over time, making it easy for cybercriminals to use it to steal sensitive data from victims. The attackers behind LokiBot continually update their initial access methods, allowing their malware campaign to find more efficient ways to spread and infect systems," said the FortiGuard Labs team.
Here's how to safeguard from such malware:
-- Never ever click URL link sent from an unknown person.
--Even if the person or the company is known, always exercise caution while clicking URL or downloading any app from third-party app stores
--Even if the person says he is an IT officer or a Bank executive, never share any personal or financial details via email or messages
-- Never panic at reading any warning message be it an Income Tax notice or Bank KYC request. Just go to the official website to get phone numbers or near the office to enquire about the issue.
[Note: Do not go to the URL shared by the person on email. You have to take the initiative to do good research and be able to distinguish between official websites and fake ones.
Tip: Always ensure the website has 'https' at the start of the URL. And, also look if there are any grammatical mistakes or if the company's official logo is correct or not.]
--Ensure you have an anti-virus application on your system
--Always update your system and apps to the latest version available on the official platform only
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.