The Department of Homeland Security released an alert this week about a dangerous malware called LokiBot. The LokiBot malware was first discovered in 2015, but officials at the Department of Homeland Security have noticed a significant increase in its occurrence since the lockdowns started this year. The LokiBot has the potential to cause significant damage to governments, private businesses and consumers. Raising awareness of it and of its methods of attack can reduce the number of successful malware attacks.

What is the LokiBot?

The LokiBot is an open source DIY malware that has been in circulation for over 5 years. It uses trojan malware to steal information from users, such as usernames, passwords and cryptocurrency wallets, and it can also download new malware onto the affected device. The LokiBot can be transmitted through email attachments, software vulnerabilities and trojans in pirated or free apps. The malware steals information from users by using a keylogger. A keylogger is monitoring software that records the keystrokes a user makes, which allows the hackers who deployed the LokiBot to get access to usernames and passwords. The LokiBot is deployed in the following sequence:

  1) The user receives a spam email with a COVID-19 related subject
  2) The user clicks on a link or downloads a file
  3) The file is downloaded or Google Drive is opened
  4) The malware steals the sensitive information from the user
  5) The malware sends the information back to the hacker’s server

Effects & Prevention:

A successful LokiBot campaign can lead to:

  • Selling of private information on the dark web
  • Online accounts or information held hostage for ransom
  • Spreading of trade secrets for private businesses
  • Sensitive government data being stolen

Businesses and individuals can take several steps to mitigate the risk of the LokiBot. These include:

  • Education of employees: Increasing awareness of the LokiBot as a real and tangible threat is one of the most important aspects of preventing it. Many companies have had some sort of phishing awareness or training, so sending out an email acknowledging the LokiBot can be a great first step in prevention.
  • Prevent opening attachments from unknown and unverified senders: A good portion of businesses have ways to notify employees that an email is coming from an external source. This, along with instructing employees not to open vague attachments, can prevent the majority of LokiBot attempts.
  • Verify via other methods: If a business is working with a new potential client, it can be very enticing to open attachments. Many LokiBot campaigns are sophisticated enough to mirror real companies and can often be very deceptive. Verifying via phone calls or text messages with a real person can help remove any doubts before downloading any attachments.
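The external-sender notice from the list above can be combined with the delivery sequence described earlier (COVID-19 subject, then a file or Google Drive link) into a simple mail triage check. This is an added example, not part of the original article; the internal domain, keyword list, sample message and function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; tune them for your own mail environment.
INTERNAL_DOMAINS = {"example.com"}
LURE_WORDS = re.compile(r"covid|coronavirus|lockdown|pandemic", re.I)
DRIVE_LINK = re.compile(r"https?://(?:drive|docs)\.google\.com/\S+", re.I)

def triage(raw):
    """Return the reasons a raw message matches the delivery pattern."""
    msg = message_from_string(raw)
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        reasons.append("external-sender")
    if LURE_WORDS.search(msg.get("Subject", "")):
        reasons.append("covid-subject")
    for part in msg.walk():
        if part.get_filename():  # any named part counts as an attachment
            reasons.append("attachment:" + part.get_filename())
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if DRIVE_LINK.search(body):
                reasons.append("drive-link")
    return reasons

def should_hold(raw):
    # Hold only when sender, subject and a file or link all line up.
    r = triage(raw)
    carrier = any(x.startswith(("attachment:", "drive-link")) for x in r)
    return carrier and {"external-sender", "covid-subject"} <= set(r)

# Constructed sample message (not taken from a real campaign).
SAMPLE_LURE = """From: Billing <billing@supplier.invalid>
Subject: COVID-19 supplier notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached form.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notice.zip"

AAAA
--b1--
"""
print(triage(SAMPLE_LURE), should_hold(SAMPLE_LURE))
```

A held message is a candidate for the phone or text verification step, not proof of infection.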
