Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus.

Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization (WHO) with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure.

Researchers at FortiGuard Labs on March 27 first observed the malicious COVID-19-themed scam, which claims to be from the WHO and attempts to address misinformation related to the pandemic to convince users it’s authentic. Instead, it sends an attachment that unleashes the infostealer LokiBot if downloaded and executed, according to a blog post published Thursday by threat analyst Val Saengphaibul.

“The body of the email contains multiple points about infection control and other suggestions and recommendations, which is obviously a lure to further compel the recipient to continue reading,” he wrote in the post. “And in a twisted fashion, the messaging pretends to address misinformation related to COVID-19/Coronavirus.”

Read full story here https://threatpost.com/spearphishing-campaign-exploits-covid-19-to-spread-lokibot-infostealer/154432/