Loki Info Stealer Propagates through LZH Files
released on 2020-05-05 @ 04:03:11 PM
LokiBot has previously used CAB files to propagate and recently Trend Labs acquired another sample that delivers the same malware, but this time through LZH compressed archive files. Trend Micro detects the attachment and the dropper as TrojanSpy.Win32.LOKI.TIOIBYTU.
LZH files, more commonly used in Japan for compressing files, have also been used to deliver other malware such as Negasteal and Ave Maria.