LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign

LokiBot, an infostealer first advertised in May 2015, continues to operate after more than a decade with numerous variants. The malware targets credentials from over a hundred software products including browsers, cryptocurrency wallets, password managers, email and FTP clients. A recent campaign delivers LokiBot through malspam with JScript email attachments, executing a multi-stage infection chain involving PowerShell loaders and .NET injectors protected by ConfuserEx. The final payload uses process injection into aspnet_compiler.exe, employing API hashing techniques to evade detection. While LokiBot maintains extensive credential theft capabilities, recent samples exhibit broken persistence mechanisms due to patched decryption subroutines. The malware communicates with C2 servers to exfiltrate compressed stolen data and await further commands, demonstrating continued evolution despite reduced activity in recent years.

Pulse ID: 6a3c6b9416a51c4cdec616c4
Pulse Link: https://otx.alienvault.com/pulse/6a3c6b9416a51c4cdec616c4
Pulse Author: AlienVault
Created: 2026-06-24 23:43:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ASPNet #ASPNet_Compiler #Browser #CyberSecurity #Email #InfoSec #InfoStealer #MalSpam #Malware #NET #OTX #OpenThreatExchange #Password #PowerShell #RAT #SMS #Spam #Word #bot #cryptocurrency #AlienVault

🌿 Part 30 of Modernizing .NET starts the architecture chapter.

First topic: Strangler Fig Architecture.

Don’t rewrite the whole ASP.NET Framework app at once.

✅ Route one feature.
✅ Replace one slice.
✅ Keep fallback.
✅ Delete the legacy path when stable.

https://medium.com/@michael.kopt/modernizing-net-part-30-strangler-fig-architecture-903da2ce1e9a
#dotnet #dotnetcore #aspnet #aspnetcore

🧙‍♂️ HttpContext.Current was only step one.

Legacy System.Web code often expects Request.Params, Response.Write, headers, redirects, and connection checks.

🧩 Wrap the old surface
🔌 Delegate to ASP.NET Core
⚠️ Delete the bridge later

#dotnet #dotnetcore #aspnet #aspnetcore
https://medium.com/@michael.kopt/%EF%B8%8F-bonus-modernizing-net-part-29-bonus-round-with-system-web-request-and-response-wrappers-0abdec1bae8b

⚡️ 12 правил Dependency Injection для ASP.NET Core

🏷️ #devdigest #dotnet #net #net #aspnet #asp

https://devdigest.today/goto/6638

⚡️ Microsoft Releases .NET 11 Preview 5

🏷️ #devdigest #dotnet #net #microsoft #ide #visualstudio #csharp #maui #microsoft #net #aspnet #asp

https://devdigest.today/goto/6636

.NET 11.0 Update: Die Neuerungen in .NET 11.0 gegenüber .NET 10.0 inklusive C# 15.0, ASP.NET Core 11.0, Entity Framework Core 11.0, WPF 11.0, Windows Forms 11.0 und .NET MAUI 11.0 by Dr. Holger Schwichtenberg is a new release on Leanpub!

Link: https://leanpub.com/net11

#books #ebooks #newreleases #leanpublishing #selfpublishing #dotnet #c_sharp #aspnet #android #sql_server #ides

Part 28 of Modernizing .NET: memory spikes on Linux are often file I/O problems in disguise.

🧠 trim backup scope
🌊 stream copies
🚦 throttle parallelism
🗂️ check CIFS serverino

https://medium.com/@michael.kopt/modernizing-net-part-28-diagnosing-linux-file-operation-memory-spikes-08421b69d921
#dotnet #dotnetcore #aspnet #aspnetcore #linux #performance

Javier Lozano presents 'Implementing Web Security in Your ASP.NET Applications' this July at Nebraska.Code().

https://nebraskacode.amegala.com/

#WebSecurity #Frontend #Cloud #ASPNET #SoftwareCraftsmanship #Lozanotek #SoftwareDevelopment #SoftwareEngineering #DevLife #TechConference #DeveloperConference #Nebraska #AppDeveloper

Modernizing .NET Part 27! 🔤

Solving the "Windows vs Linux" string sorting headache.

✅ Consistent behavior across OS
✅ Custom NLS-compatible comparer
✅ Fix broken CI/CD tests

https://medium.com/@michael.kopt/modernizing-net-part-27-cross-platform-string-sorting-nuances-9bed8bd1898d
#dotnet #dotnetcore #csharp #aspnet #aspnetcore #linux #unicode #windows #nls #icu #sorting #algorithm