Stay updated with the latest cybersecurity news.

LokiBot: All you need to know about this info stealer

By Reason Cybersecurity

on Tue Mar 09 2021

First rearing its ugly head in 2015, six years later, LokiBot malware is still a favorite tool of cyber criminals who use it to steal sensitive information. Indeed, not only is it a favorite of cyber criminals but according to the Cybersecurity and Infrastructure Security Agency (CISA), there’s also been a pronounced uptick in its use since July 2020. LokiBot is also known as  Loki PWS, Loki bot, and Loki-bot, but whatever you call it, this is a bad bot.

What exactly is LokiBot? 

Loki-Bot is a type of Trojan malware spread via spam emails, malicious attachments, malicious websites, or by exploiting software vulnerabilities.  One of the most recent versions of LokiBot attempts to infect its targets by impersonating the Epic Games launcher used for Fortnite, an online video game.  Researchers believe that phishing emails, complete with a legitimate-looking Epic Games logo, are used to distribute the fake launcher.

What happens when you’ve been infected?

Regardless of the method used to deliver it, LokiBot is one of today’s most dangerous and widespread malware.  LokiBot malware analysis has shown that LokiBot employs a keylogger to monitor its victim’s desktop and browser activity so hackers can capture usernames, passwords, bank information, contents of cryptocurrency wallets, and other personal data. It is also capable of disabling notifications, intercepting communications, and acting as a backdoor for installing additional payloads and performing other malicious actions. Furthermore, the latest version of LokiBot now has more layers of encryption, which makes it better at avoiding detection. 

But it’s not invincible

Because it is simple for them to implement, yet also highly effective at inflicting damage, LokiBot is a popular malware tool for cyber criminals, including those who are new to cyber crime or have relatively few technical skills. It can easily be purchased on underground forums too, which is another reason for its popularity. In fact, it’s so popular, you can even find setup videos publicly available on YouTube. Thankfully, however, LokiBot is far from invincible. There are highly effective, easy-to-implement defensive measures too that users can take to protect themselves.

Be mindful. Exercise caution when opening or downloading documents or attachments from an unknown source; don’t open or download any document unless you are certain it came from a source that is reliable and trustworthy. And even then, confirm with the source that the file is safe before you open it. Sometimes those trustworthy sources were unknowingly infected with malware that sends out fake emails. 

Use an antivirus. It’s probably safe to assume you have door locks installed on your home to keep out intruders. Similarly, you need to be just as vigilant when it comes to your electronic devices. Not installing an antivirus on your computer or laptop is akin to not having a lock on your front door; while once upon a time we could have left home without locking our front door, we can’t do that any longer. The same is true for your computers; you need antivirus protection to keep out the cyber criminals. Look for an antivirus with anti-phishing protection and a malicious website blocker to help protect you from dangerous emails and websites.

Stay patched!  One of the biggest and most common mistakes users make is to forget or disregard the reminders to update their software. Operating systems, browsers, and other types of software will frequently send out patches to vulnerabilities in their software. And while most reputable antivirus packages automatically update with the latest virus database, the point is the same: don’t ignore those software updates. They could be what protects you from a LokiBot attack. Next time you think about skipping or delaying that patch, remember this:  60% of breaches involved a software vulnerability for which a patch was available but just wasn’t applied.

On the lookout for LokiBot

Given the evolving power of LokiBot, its easy accessibility and implementation, and the huge payoff it delivers once it has reached its target, all indications are that LokiBot will remain a threat for some time to come. Fortunately, you can protect yourself: Be on the lookout for LokiBot by avoiding suspicious documents, keep your software updated, and install a modern antivirus that can protect you from phishing attacks and malicious websites.