New Loki Variant Being Spread via PDF File

Loki Bot has been observed for years. It is designed to steal credentials from software installed on a victim’s machine, such as email clients, browsers, FTP clients, and file management clients. FortiGuard Labs recently captured a PDF sample that is used to spread a new Loki variant. In this blog, we will analyze how this new variant works and what it steals.

The PDF sample

Figure 1. Content of the PDF sample

The PDF sample only contains one page, shown above, which includes some…

Article Link: http://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file