
Cyber Bites

LokiBot Information Stealer Targets Unpatched Versions of Microsoft Word

Security researchers at FortiGuard Labs report active malware campaigns looking to capitalize on two older vulnerabilities in Microsoft Word to spread LokiBot malware. LokiBot is an information-stealing Trojan that has been active since 2015 and aims to gather sensitive information from infected machines.

The two vulnerabilities being targeted are CVE-2021-40444 and CVE-2022-30190, patched by Microsoft on 9/14/21 and 5/30/22, respectively.

If you try to open the file, the following prompt is displayed to entice you into enabling editing.


  • Users should exercise caution when dealing with any Office documents or unknown files

  • Users need to be vigilant and avoid clicking on suspicious links or opening attachments from untrusted sources

  • Keeping software up to date with the latest security patches can help mitigate the risk of exploitation

Source: FortiGuard Labs
