Lokibot: The Banking Trojan that hacked a hacker, now comes with the list of targeted banks

February 7, 2019
Banking malware detection

Last December we wrote about a hacker who got hacked by a banking Trojan. The banking malware was identified as Lokibot, which was being used by different cybercriminals. The details are in the previous article: https://izoologic.com/2018/12/27/hacker-just-got-hacked/

Can you fathom how critical it is when a hacker gets hacked? How much worse is it, then, for unsuspecting app users who only want to enjoy online banking on a mobile device? Once a victim's banking details, especially credit card information, have been sniffed and leaked by banking malware such as Lokibot, banks will usually have a rough time catching the fraudulent activity even if a credit card fraud detection system is in place, because such security also has its limits. One limitation of such fraud prevention systems is the geolocation alert system. One example of a security loophole is that most fraudsters try to mask their location as the same country where the card was originally issued.

Now that Lokibot has been around for quite some time, banks and related institutions are on alert for this banking malware. However, as discussed in our previous article, numerous malicious authors are modifying the malware to suit their own conditions, so some customized Lokibot variants will surely evade malware detection.

To help the fight against the banking malware, and to alert the affected institutions, somebody posted on Pastebin the list of banks targeted by Lokibot.

It appears that the app carrying Lokibot was dissected and unpacked, which revealed which banks are targeted.

Prevention: Tips

How can we avoid becoming a victim as a user?

  • Avoid downloading raw APKs from outside the Play Store or App Store.
  • Download only from trusted sources, especially the developer's site.
  • Run a malware check on applications and files.
  • Avoid searching for app coupons or discounts that are not endorsed by the bank or the company itself.
  • Check who the app's developer is associated with.

For corporations and app developers:

  • For app and brand protection, strategize a Mobile App Monitoring campaign.
  • Regularly monitor the internet and certain websites, especially forums, for possible brand abuse.
  • Dark Web: it is the haven for fraudsters, so monitoring it is worth a try. Better to find the abuse first, before it reaches your customers and threatens your brand.

