WP-Automatic Plugin Flaw Used by Threat Actors to Create Admin Accounts on WordPress Sites
April 26, 2024CVE-2024-25048 – IBM MQ Vulnerability
April 27, 2024WP-Automatic Plugin Flaw Used by Threat Actors to Create Admin Accounts on WordPress Sites
April 26, 2024CVE-2024-25048 – IBM MQ Vulnerability
April 27, 2024Severity
Medium
Analysis Summary
In early 2016, LokiBot was originally made available on underground forums for cybercriminals to use against Microsoft Android phones. This malware steals sensitive information including, usernames, cryptocurrency wallets, and other credentials via Trojan software. Malware grabs credentials by monitoring browser and desktop activities from the password storage using a keylogger. LokiBot can also install a backdoor into affected systems, allowing an attacker to install other payloads. Spam emails, communication channels such as SMS, Skype, and malicious websites are all used to spread LokiBot. This malware is utilized to keep track of what users are doing (for instance, recording keystrokes).
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- 4b905e6548f4d5040fab8962cb71877e
- 8bdfe306f813ba1a65ecf6e1da4085c1
- 34730f3da822589c3b36ec7197ede429
- 0323dc105421401d34155403f091ecbe
- fde165f7e76cbf60d25787d02b9747f8
- f67fd2e77f85d5e68b46db9beaaf24c4
- c4b632f0468dae6a10b67d50a2f6e322
- 24899e0590707e01cd9fbdfab6dd922b
SHA-256
- 6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1
- 857fd5543f14e01ea3b08d3aca6ee6763042a48d7b04c9f035a4a37a4d2e0039
- deb91032be610ab0761ed5e1076877458b9adbbbf79ae250672fc1c2f5fc8d0a
- a3ebc58cb7aebd21137225e16f6686642708e665fceb1f77e54c2413f6c0e706
- e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551
- 3ffb020c607545bb45ebbe46ad290d535b3fcae2700d04c4f7e3474ddb059251
- b3bb12ae88279341ff46626660249155b11effa41f3389ace07f4aa6f1045f8c
- 054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952
SHA1
- 15c3785700d10e32ce7e17d706194dd9baa8442a
- 7bca83400323c71ee5bd1d655004a4a762e1c71b
- 666691e4d03bb9d885184e80d5ec5639ef56a886
- f71675f7d669437852c55c308cbf3f25e0e923df
- 02a9b832afb11b92b93928f0402444cb9eacf325
- ec5276c3374e9bbb488e83b53b7eda00f850bc98
- ca3a42cb757d86d86c2859b2a5d5250d857128c3
- ae88a813c9dd1d766134789052f1e8e1ecaeb4be
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution. Never trust or open links and attachments received from unknown sources/senders.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Patch and upgrade any platforms and software on time and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.