Windows users have been targeted once more by LokiBot, a sophisticated spyware that spreads through infected Office documents.
According to a recent advisory issued by a Fortinet security researcher, attackers are embedding malicious macros within Microsoft Office documents using known vulnerabilities such as CVE-2021-40444 and CVE-2022-30190.
When these macros are performed, the LokiBot malware is dropped onto victims’ systems, allowing the attackers to control and collect sensitive information.
LokiBot, a well-known Trojan that has been active since 2015, specializes in stealing sensitive information from affected PCs, especially Windows systems.
The study indicated that the infected documents used a variety of ways to launch the attack chain, including the use of external links and VBA scripts.
Users are recommended to use caution while dealing with Office documents or unknown files, particularly those with external links, to protect themselves against this attack.
