It looks like one of the criminal gangs behind some of the Lokibot campaigns has found a way to serve their malware almost undetected, or at least without any known host that can easily be taken down or blocked. What they have done with this series of campaigns is abuse a new(ish) service, NGROK, which basically acts as a proxy, direct tunnel or VPN from the miscreant’s home computer or server, effectively putting the malware in the cloud and bypassing all firewalls etc. I can’t see anything in their TOS prohibiting malware, phishing, scams etc., just a general no …
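A defender's view of the tunnelling described above, as an added example that is not part of the original post: because the payload sits behind a tunnel hostname rather than a fixed server, one practical check is to flag file downloads from tunnel subdomains in web-proxy logs. The domain suffixes, the log layout and every sample line below are assumptions constructed for illustration; the post lists none of them.

```python
from urllib.parse import urlsplit

# Assumption: public ngrok tunnel domain suffixes; the post itself names no hosts.
NGROK_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app", ".ngrok.dev")
RISKY_EXTENSIONS = (".exe", ".scr", ".dll", ".hta", ".js", ".vbs", ".doc", ".xls", ".jar")
RISKY_TYPES = ("application/x-msdownload", "application/x-dosexec", "application/octet-stream")

# Constructed sample lines: timestamp client method url status bytes content-type
SAMPLE_LOG = """\
2018-07-02T09:14:03Z 10.0.4.17 GET http://a1b2c3d4.ngrok.io/invoice.exe 200 482304 application/x-msdownload
2018-07-02T09:14:09Z 10.0.4.22 GET https://example.com/index.html 200 5120 text/html
2018-07-02T09:15:40Z 10.0.4.31 GET http://9f8e7d6c.ngrok.io/status 200 212 application/json
2018-07-02T09:16:02Z 10.0.4.17 GET http://notngrok.io.example.net/setup.exe 200 99000 application/x-msdownload
2018-07-02T09:17:55Z 10.0.4.40 GET http://55aa66bb.ngrok.io/doc 200 310272 application/octet-stream
malformed line
"""

def is_ngrok_host(host):
    # Match on the dotted suffix so look-alike hosts such as "notngrok.io.example.net" fail.
    host = (host or "").lower().rstrip(".")
    return host.endswith(NGROK_SUFFIXES)

def classify(line):
    """Return a finding for a request to a tunnel host, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None  # skip lines that do not follow the assumed layout
    ts, client, method, url, status, size, ctype = parts
    split = urlsplit(url)
    if not is_ngrok_host(split.hostname):
        return None
    risky = split.path.lower().endswith(RISKY_EXTENSIONS) or ctype.lower() in RISKY_TYPES
    severity = "high" if risky and status == "200" else "review"
    return {"time": ts, "client": client, "url": url, "severity": severity}

def find_ngrok_downloads(log_text):
    hits = [classify(line) for line in log_text.splitlines()]
    return [h for h in hits if h]

if __name__ == "__main__":
    for hit in find_ngrok_downloads(SAMPLE_LOG):
        print(hit["severity"], hit["time"], hit["client"], hit["url"])
```

Where tunnelling services have no business use, the same suffix list can feed a DNS or proxy block rule; where developers rely on them, the "review" hits show which clients to exempt.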