The US Cybersecurity and Infrastructure Security Agency (CISA) has raised an alarm about the increase in LokiBot activity. LokiBot is malware that is often disguised as a harmless attachment but steals vital information from users. According to the agency’s EINSTEIN Intrusion Detection System, LokiBot activity has risen dramatically in 2020.
LokiBot, also known as Loki PWS, is a trojan horse that targets browsers, email clients, FTP apps, and cryptocurrency wallets. LokiBot has mutated from an information-stealer to a real-time key-logging component: it captures keystrokes, steals passwords, and accesses the desktop screen to take screenshots of sensitive information. The malware also creates a backdoor for itself, leaving the targeted system exposed to escalated attacks.
CISA’s advisory on LokiBot lists several MITRE ATT&CK techniques that the malware uses. Notably, it highlights ‘System Owner/User Discovery’, ‘Exfiltration Over C2 Channel’, and ‘Input Capture: Keylogging’.
Although it was detected in 2015, the malware has grown more aggressive on the web in 2020, especially since July.
In the alert, the cybersecurity agency also specified significant methods and practices that could protect computer systems from future LokiBot attacks. To stay safe, users should use up-to-date antivirus protection, current OS patches, and strong passwords.
LokiBot’s Malpedia entry also provides resources for protection against the malware.