Your browser is obsolete!

The page may not load correctly.

Android territory

Туманность Андроида

Other issues in this category (15)
  • add to favourites
    Add to Bookmarks

Malicious "shape shifters"

Read: 233 Comments: 0 Rating: 3

There exists an enormous diversity of Trojans. And among them there are particularly notable species—"shape shifters". These are rare and, perhaps, quite instructive phenomena.

LokiBot (detected by Dr.Web as Android.BankBot.235.origin) is a banking Trojan that can turn into ransomware and lock a smartphone if its owner tries to delete it.

This is not the most basic description, but you get the idea. The Trojan takes its time to covertly gather information and steal money, but should the user suspect that something's wrong or start looking for the Trojan's processes and end them, it will bare its teeth and turn into ransomware.

As a banking Trojan, LokiBot is hardly a standout.

Similar to other species of this kind, LokiBot fakes popular remote banking applications as well as the authorisation dialogues of Skype, Outlook and WhatsApp.

This means that in a best-case scenario, a user who attempts to sign in to Skype, Outlook or WhatsApp may be interacting with the applications via the Trojan.

The malicious program also uses social engineering techniques to gather banking information—it puts out a notification about money being credited to the victim's account. By doing so, it lures the user into entering their online banking login and passwords which are instantly intercepted.

The Trojan's authors, following current trends, also seek to profit from selling the Trojan to other criminals.

The new malware can be purchased online for only $2,000. For this amount, a cybercriminal will get a program with unique features: LokiBot can use SOCKS5 proxy, redirect users' outbound traffic, and load webpages in the browser. It uses SMS to send messages to all the contacts on a device and gets those users’ devices infected.

Interestingly, when acting as encryption ransomware, the Trojan also deceives users—files are merely moved to a different location.

#Trojan.Encoder #virus-maker #extortion #fraud #encryption_ransomware #ransomware

Dr.Web recommends

Unfortunately, by discovering and deleting malware manually, many people believe they can do without an anti-virus. LokiBot specifically targets overconfident users like these.

Currently, the Trojan is not equipped with all the features of encryption ransomware, but it quite possibly will be in the near future. At the moment it can be neutralised without an anti-virus, but why take unnecessary risks?

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.


Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.