Lokibot Data Stealing Virus Detected On Android Devices
Lokibot is a dangerous Android virus that is detected as a banking trojan threat. This virus is specifically designed to steal crucial data from the infected device and also encrypt files on it.
This Trojan was first detected by security researchers at SfyLabs in late 2017. A newer version is now out and is infecting Android devices as well as Windows OS.
The Lokibot virus can spread through spam emails sent in bulk by bots, or it can be embedded within fake apps downloaded from third-party websites. It is similar to the MysteryBot Android malware, which also steals banking data.
The malware is not restricted to stealing monetary information; it also acts like ransomware that locks important files on the attacked device and presents a lock screen accusing the user of watching child pornography.
Lokibot Infection Motives
The Lokibot virus obtains administrative privileges and rights at the time of installation, as it comes embedded within fake apps.
The criminals behind this threat aim to make a huge profit by stealing money from users' bank accounts. Whenever a user opens an online banking app or visits the bank's website, the LokiBot virus presents a simulated screen that looks just like the original banking page.
Users are unaware of the presence of the Lokibot virus, so they enter all the credentials of their bank account, such as login credentials, card details and PIN. As soon as the user enters this data, the malware running in the background sends all of it to the hackers' server. This is how they can easily get access to your confidential data and misuse it for fraud.
Not only that, the Lokibot virus also distributes fake versions of legitimate apps like WhatsApp, Skype, Viber, and Outlook. This means that if you have downloaded or updated these apps from unknown sources, it will steal all the information shared on these apps.
Thus, security experts always recommend downloading and updating programs from authentic and verified sources.
Capabilities of Lokibot virus
Additionally, the Lokibot virus attempts other tricky approaches to mislead the users of infected devices:
- Pop up fake notifications or alerts that appear to come from your bank;
- Redirect the user's traffic to hackers' websites for crypto-mining;
- Use your phone contacts to send fake messages and even auto-reply to them;
- Use administrative privileges to download updates or fake programs onto the device;
- Redirect to suspicious sites while browsing;
- Utilize the network and OS resources for digital currency mining.
If the user tries to delete or uninstall the program related to the Lokibot virus, it promptly starts locking the files and acts just like ransomware. To do this, the malware quickly reboots the device and shows a lock screen along with an alert stating that your device is locked due to watching child pornography.
This is just a trick to scare users and make them pay the ransom to unlock their phones. The ransom demanded by the authors is in Bitcoin, and the amount varies between $70 and $100. The victims are also given a deadline of about 48 hours to pay the ransom.
According to the analysis, the encryption algorithm used by the LokiBot Trojan is not robust, and the files can be recovered. It actually makes copies of the original files and replaces them with different names.
Users are not aware of these things, and they quickly agree to pay the ransom to get their phone unlocked and back in normal working condition, as the phone contains various important data for which they may not have any backups.
The cyber-criminals take advantage of users' lack of awareness to mislead them and extort money. As per reports, the authors of the Lokibot malware had already earned over $1.5 million and are still spreading their malicious program to earn more and more money illegally.
How to Remove Lokibot Virus From Android Device
If your Android smartphone or tablet is infected with the Lokibot virus, then follow these steps:
Press and hold your device’s Power button. This brings up the Power off menu;
Now, press and hold the Power off button until you get a prompt with “Reboot to Safe Mode”;
Press “OK” to enter into the Safe mode;
Now, you need to locate the malicious app, deny all of its administrative rights and then remove the virus. Restart your device normally, as you usually do.
Security experts do not recommend paying the ransom, as this will only encourage the hackers to carry out more scams and frauds.
We recommend scanning the device with a legitimate anti-virus/anti-malware program to detect any traces of the virus that remain on the device.
Once you are done, use a data recovery program to recover your data from your Android device.
Here are the recommended data recovery tools which you can try to recover your files.
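To help with the "locate the malicious app" step from a computer, the following added example (not part of the original article) cross-checks which third-party packages came from outside Google Play against which packages hold device-admin rights. It assumes output captured with `adb shell pm list packages -i -3` and `adb shell dumpsys device_policy`; the sample text, the package names and the trusted-installer set are constructed, and the `dumpsys` layout varies between Android versions.

```python
import re

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_PACKAGES = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.flashplayer.update  installer=null
package:org.example.notes  installer=com.google.android.packageinstaller
package:com.example.corp.mdm  installer=com.android.vending
"""

# Constructed, simplified sample of `adb shell dumpsys device_policy` output.
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.flashplayer.update/.AdminReceiver:
      uid=10153
    com.example.corp.mdm/com.example.corp.mdm.PolicyReceiver:
      uid=10088
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
# A device-admin entry is an indented "package/receiver:" component line.
ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/([A-Za-z0-9_.$]+):\s*$")

def parse_installers(text):
    """Map package name -> installer package (None when sideloaded)."""
    result = {}
    for line in text.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_device_admins(text):
    """Return the packages that own an enabled device-admin receiver."""
    return {m.group(1) for line in text.splitlines() if (m := ADMIN_RE.match(line))}

def triage(packages_text, policy_text):
    """List apps from untrusted sources; 'high' if they also hold admin rights."""
    admins = parse_device_admins(policy_text)
    findings = []
    for pkg, installer in sorted(parse_installers(packages_text).items()):
        if installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer, "high" if pkg in admins else "review"))
    return findings

if __name__ == "__main__":
    for pkg, installer, priority in triage(SAMPLE_PACKAGES, SAMPLE_DEVICE_POLICY):
        print(f"{priority:6} {pkg} (installer={installer})")
```

A "high" entry is an app from an untrusted source whose administrative rights have to be revoked before it can be uninstalled.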
Restores data after accidental format of SD card. Retrieves Android application package files (.apk) along with other music, video and image files. Uses the robust engine of award winning Remo data recovery application.
Tenorshare Android Data Recovery Pro-The Most Professional Data Recovery Solution for Android. Recover all kinds of lost Android data in no time, including contacts, text messages, photos, videos, WhatsApp data, call history from Android smartphone, cell phone, mobile phone and tablet of any brands.
Preventive Measures to stop Lokibot malware Attacks On your android device
- Be cautious while downloading any apps;
- Do not provide any valuable information to unknown websites;
- Try to keep a backup of your important data, photos and files;
- Never download or update any apps from spam links or third-party websites;
- Do not follow links or download attachments in spam emails;
- Keep your device locked with a password;
- Regularly scan your device with a reputable security application;
- Employ a legitimate app to trace suspicious apps.