According to CERT.lv, fraudsters are pretending to be representatives of a company called "Baltic Express LV" and the attachment that accompanies their email contains the LokiBot virus, which is used to steal sensitive personal information.
The emails reportedly come from the address '[email protected]'. There is a real company of that name, but their real email ends with ".lv" instead of ".com".
"If you receive this email, please delete it. If the virus is opened: use antivirus to scan / clean the device and change all passwords stored on the device," CERT.lv advises.
Warning! Today, reports are being received en masse about a wave of malicious emails in which fraudsters pretend to be a representative of the company "Baltic Express LV". The email attachment contains the LokiBot virus, which is designed to steal sensitive information. pic.twitter.com/0vAFnPUIXV
— CERT (@certlv) January 26, 2022
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), LokiBot (also known as Lokibot, Loki PWS, and Loki-bot) employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials through the use of a keylogger to monitor browser and desktop activity.