There is currently a new Android virus on the loose that Android users should be aware about as this virus is rapidly infecting thousands of smart phones and tablet users all over the globe. This new Android virus is dubbed as “LokiBot” which yet another complex banking Trojan program that converts itself into a ransomware automatically once the victim tries to remove it from the device.
During its infiltration, LokiBot opens a pop-up that prompts its victims to give the administrative rights of the smart phone and then begins to collect bank-related information successfully. According to security analysts, the virus is also capable of opening the victim’s banking app, as well as opening the browser app and reply to text messages on the phone.
LokiBot has some specific features – one of which is its ability to create fake notifications of legitimate bank apps from the device and activate the vibration on the phone before it displays the pop-up notification. Just like other banking Trojans, users are usually tricked into clicking the deceptive pop-up where the overlay attack typically starts. During that overlay attack, LokiBot displays a fake login window which looks like the real one that belongs to the banking app however, that’s only a façade and all the information you enter will be forwarded to the cyber criminals behind LokiBot.
Moreover, security analysts were able to determine that LokiBot’s activities are quite similar to another banking Trojan named BankBot. It’s also hard to believe that these crooks can get more than 1.5 million with only from this one Android virus – some security researchers even speculated that both of these banking Trojans (LokiBot and BankBot) might be created by the same cyber criminals. Users are advised against trying to remove LokiBot virus from their Android device as it will only trigger the automatic activation of its ransomware features. To put it simply, if you try to get rid of the administrative rights you’ve given to the virus from the malicious app it uses, then it will try to lock your files and encrypt them especially the files located on your SD card using the AES 128 encryption algorithm. The crooks will ask you to pay a $70 – $100 ransom in Bitcoins in exchange for the decryption of the files.
LokiBot’s sudden increase in its distribution can be explained simply – this malicious program’s code was noticed being sold in the underground market for over $2000. But just like other banking Trojan, LokiBot is not without its fair share of flaws – its encryption process is corrupted and thankfully, it fails to encrypt the files on the device properly. Therefore, it is safe to say that this virus functions as a screen-locking malware in some way and not a real ransomware infection. However, even though its encryption process is an epic fail, victims won’t still be able to access their files since their phones are locked as its screen locker functions just fine. So this still prevens users from accessing their files all the same. To be specific, the virus’s flaw prevents it from fully corrupting the files and the only thing it really does is to rename them but they still remain accessible. So there is no need for victims to panic and pay the ransom as they can still regain their access to their phones and files. Security experts also advise against paying the ransom so as not to encourage these crooks in developing even more Android virus and other threats. Statistics show that most of the cyber criminals these days have scammed thousands of users and generated enormous profit illegally.
To get rid of LokiBot, you will have to reboot your Android device into Safe Mode and then eliminate the virus using a reputable and trusted mobile security software. Researchers noted that users will have to be very careful as LokiBot spreads in spam emails as Infostealer.LokiBot that automatically sets up SOCKS5 Internet protocol so that it can spam all contacts automatically using malicious links to infect Android devices – because of that, this virus can also open any desired web pages as well as collect browsing-related information to steal information like your email account and distributed infections like ransomware. To avoid getting infected with banking Trojans like LokiBot and other similar threats, you must avoid opening any suspicious attachments not even if they’re sent by your friends – you must be cautious at all times, after all prevention is always better than cure.