Monday, January 25, 20:32

LokiBot: CISA warns of increased malware activity

CISA yesterday issued a security alert to inform federal agencies and the private sector of a significant increase in the use of LokiBot malware by hackers since last July.

In particular, CISA stated that its internal security platform (the EINSTEIN intrusion detection system) has detected a number of malicious activities behind which LokiBot malware is hiding. The sharp increase in LokiBot activity since July was also confirmed to ZDNet by the Malwarebytes Threat Intelligence team.


This is a matter of particular concern, as LokiBot is one of the most dangerous and widespread malware strains currently present in the threat landscape. The LokiBot trojan, which is also known as Loki or Loki PWS, is a so-called "information stealer" (infostealer).

LokiBot infects computers and then uses its built-in capabilities to search for locally installed applications and steal credentials from their internal databases. In addition, LokiBot can target e-mail clients, browsers, FTP applications and cryptocurrency wallets.


However, the malware is more than just an infostealer. Over time, LokiBot has evolved and now also comes with a real-time key-logging component, which records keystrokes and steals passwords for accounts that are not always stored in the browser's internal database, and a desktop screenshot utility that captures documents after they are opened on the victim's computer. In addition, LokiBot also works as a backdoor, allowing hackers to run other pieces of malware on infected servers and possibly escalate attacks.

The malware first appeared in the mid-2010s, when it was offered for sale on hacking forums. Since then, it has been cracked and widely distributed for free for years. It is one of the most popular password stealers today. Many hacking groups currently distribute the malware during their attacks, using a variety of techniques, from spam emails to cracked installers and boobytrapped torrent files.


SpamHaus ranked LokiBot as the malware with the most active command-and-control (C&C) servers in 2019. In the same ranking, LokiBot is currently second for the first half of 2020. LokiBot also ranks third in AnyRun's all-time ranking of the most analyzed malware on its malware sandboxing service.

The credentials that hackers steal through LokiBot usually end up in underground markets like Genesis, where LokiBot is the second most popular type of malware traded.

The advisory that CISA published yesterday about LokiBot includes detection and mitigation tips for dealing with malware attacks and infections.

Finally, it is worth noting that LokiBot should not be confused with a similar, now inactive, Android trojan.

