SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.lokibot (Back to overview)

LokiBot


Android banker Trojan with the standard banking capabilities such as overlays, SMS stealing. It also features ransomware functionality. Note, the network traffic is obfuscated the same way as in Android Bankbot.

References
2021-06-10ZAYOTEMTaha HİCRET, Sinan BAYKAN, Harun YAKUT, Bilal BAKARTEPE
@online{hicret:20210610:lokibot:f9a874a, author = {Taha HİCRET and Sinan BAYKAN and Harun YAKUT and Bilal BAKARTEPE}, title = {{LokiBot Technical Analysis Report}}, date = {2021-06-10}, organization = {ZAYOTEM}, url = {https://drive.google.com/file/d/144cOnM6fxfuBeP0V2JQshp8C0Zlk_0kH/view}, language = {English}, urldate = {2021-06-16} } LokiBot Technical Analysis Report
LokiBot
2020-07-14SophosLabs UncutMarkel Picado, Sean Gallagher
@online{picado:20200714:raticate:85d260a, author = {Markel Picado and Sean Gallagher}, title = {{RATicate upgrades “RATs as a Service” attacks with commercial “crypter”}}, date = {2020-07-14}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/07/14/raticate-rats-as-service-with-commercial-crypter/?cmp=30728}, language = {English}, urldate = {2020-07-15} } RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
LokiBot BetaBot CloudEyE NetWire RC
2020-01-27YoroiLuigi Martire, Luca Mella
@online{martire:20200127:aggah:9ed3380, author = {Luigi Martire and Luca Mella}, title = {{Aggah: How to run a botnet without renting a Server (for more than a year)}}, date = {2020-01-27}, organization = {Yoroi}, url = {https://yoroi.company/research/aggah-how-to-run-a-botnet-without-renting-a-server-for-more-than-a-year/}, language = {English}, urldate = {2021-06-16} } Aggah: How to run a botnet without renting a Server (for more than a year)
LokiBot Azorult
2017-10Threat FabricWesley Gahr, Pham Duy Phuc, Niels Croese
@online{gahr:201710:lokibot:45755da, author = {Wesley Gahr and Pham Duy Phuc and Niels Croese}, title = {{LokiBot - The first hybrid Android malware}}, date = {2017-10}, organization = {Threat Fabric}, url = {https://www.threatfabric.com/blogs/lokibot_the_first_hybrid_android_malware.html}, language = {English}, urldate = {2019-12-19} } LokiBot - The first hybrid Android malware
LokiBot

There is no Yara-Signature yet.