Azure AD Bug Lets Attackers Steal Credentials
September 2, 2025Azure AD Bug Lets Attackers Steal Credentials
September 2, 2025Severity
Medium
Analysis Summary
In early 2016, LokiBot was originally made available on underground forums for cybercriminals to use against Microsoft Android phones. This malware steals sensitive information including, usernames, cryptocurrency wallets, and other credentials via Trojan software. Malware grabs credentials by monitoring browser and desktop activities from the password storage using a keylogger. LokiBot can also install a backdoor into affected systems, allowing an attacker to install other payloads. Spam emails, communication channels such as SMS, Skype, and malicious websites are all used to spread LokiBot. This malware is utilized to keep track of what users are doing (for instance, recording keystrokes).
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
a5ff3ed3754b4cd91aa9e6adaa0960b0
8c81681a052c25fac0fd0cae14013798
6b6caf6576d7591f48790617aad24d16
6c369b3e9835d084c840ac980f781c8f
SHA-256
d998bd4232ffd4b1781fff28431744bec81370200abcf9c483c87af224b5622d
122faf1d6f561477954e08ac6a915388d9e449f77a0caa62442c5f4bf99e6083
701b8df01024b15c3b33a77f468345b82af01c85817ec83e6cef861ccdee3dbd
9ee81b195ccebdd773275a9f8a3c9f9090cdd4b691a9022ce0811740c140d107
SHA1
3fbae74105ba447c35cafc9a9f94e27a7d124803
9ef96b9e6192f5fc7a5312e2ec6be003e1fcafbe
d546fbcde88758f31a38b5cb4ee56491df32fbf7
7f153a2527edf9057169fad1793e2d6585975811
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution. Never trust or open links and attachments received from unknown sources/senders.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Patch and upgrade any platforms and software on time and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.