Lokibot mutates from banking trojan into ransomware free bitcoin app

Banking trojans show users a fake screen which simulates the mobile banking interface how to earn bitcoins free. Once the victims enter their login credentials, the malware sends the data to hackers, allowing them to access the users’ accounts.

The LokiBot trojan acts almost the same way, however, it simulates not only a banking app screen, but also Outlook, Skype, and WhatsApp client interfaces, displaying notifications pretending to come from these applications.

In other words, users can receive a fake notification, supposedly from their bank, stating that funds have been transferred to their account bitcoin news 2016. Seeing the good news, users log into the mobile banking client for confirmation.

Besides, LokiBot has other tricks to catch users’ attention.


It can open a browser, navigate to specific pages, and even use an infected device to send spam, which is the way it distributes itself.

As soon as the trojan has stolen money from user’s account, LokiBot keeps operating, sending a malicious SMS to all contacts in the phone book to infect as many smartphones and tablets as possible, and even replying to incoming messages.

In case the victim tries to remove LokiBot, the malware activates another feature: stealing funds from a bank account, where it needs administrator rights get your bitcoin. If users try to deny it permission, the threat mutates from a banking Trojan into ransomware.

When acting like a ransomware, LokiBot locks the screen and shows a message accusing the victims of viewing child pornography and demanding ransom, encrypting the data on the device.

While analyzing the LokiBot’s code, the security experts found that it uses weak encryption and doesn’t work properly bitcoin difficulty history. The ransomware attack leaves unencrypted copies of all files on the infected device, only under different names, so restoring the files is relatively simple.

Nevertheless, the device screen remains locked, and the developers of the malware demand about $100 in Bitcoin to unlock it bitcoin graph usd. The victims don’t have to obey though bitcoin trading sites. Instead, after rebooting the device in safe mode, the victims can strip the malware of administrator rights and delete it bitcoin atm houston. To do so, users should determine which version of Android they have:

Banking trojans show users a fake screen which simulates the mobile banking interface bitcoin cnn. Once the victims enter their login credentials, the malware sends the data to hackers, allowing them to access the users’ accounts.

The LokiBot trojan acts almost the same way, however, it simulates not only a banking app screen, but also Outlook, Skype, and WhatsApp client interfaces, displaying notifications pretending to come from these applications.

In other words, users can receive a fake notification, supposedly from their bank, stating that funds have been transferred to their account bitcoin news today. Seeing the good news, users log into the mobile banking client for confirmation.

Besides, LokiBot has other tricks to catch users’ attention. It can open a browser, navigate to specific pages, and even use an infected device to send spam, which is the way it distributes itself.

As soon as the trojan has stolen money from user’s account, LokiBot keeps operating, sending a malicious SMS to all contacts in the phone book to infect as many smartphones and tablets as possible, and even replying to incoming messages.

In case the victim tries to remove LokiBot, the malware activates another feature: stealing funds from a bank account, where it needs administrator rights. If users try to deny it permission, the threat mutates from a banking Trojan into ransomware.

When acting like a ransomware, LokiBot locks the screen and shows a message accusing the victims of viewing child pornography and demanding ransom, encrypting the data on the device.

While analyzing the LokiBot’s code, the security experts found that it uses weak encryption and doesn’t work properly. The ransomware attack leaves unencrypted copies of all files on the infected device, only under different names, so restoring the files is relatively simple.

Nevertheless, the device screen remains locked, and the developers of the malware demand about $100 in Bitcoin to unlock it. The victims don’t have to obey though. Instead, after rebooting the device in safe mode, the victims can strip the malware of administrator rights and delete it bitcoin 1 million. To do so, users should determine which version of Android they have: