LokiBot Hybrid Android Malware Is worth $2,000 on the Dark Web

LokiBot doesn’t mess around.

You can never be too careful when it comes to online security. Android devices are relatively safe as long as you keep tabs on your browsing habits. However, there is some serious malware lurking in the dark corners of the web. For example, the very first hybrid Android malware, LokiBot, is currently worth about $2,000 in Bitcoin on the Dark Web. A banking trojan at heart, the malware turns into ransomware when the user tries to remove its admin privileges. The news was revealed by SfyLabs’ security researchers, who also unveiled the software’s key programming. Apparently, it shows fake login screens over popular apps such as Skype and WhatsApp in order to steal your personal data.

LokiBot’s main capabilities.

LokiBot is quite the versatile beast. It’s able to steal your contacts, perform overlay attacks, read and send SMS messages, spam your contacts with SMS messages, and upload your browser history to criminals’ servers. It can also lock your phone if you attempt to remove it, but it’s not very good at encryption. SfyLabs clarified:

“The encryption function in this ransomware utterly fails, because even though the original files are deleted, the encrypted file is decrypted and written back to itself.” 

Therefore, the software simply renames the files instead of actually deleting them. Apparently, the group responsible for creating this malware has already made $1.5 million in bitcoins.