AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » News » DHS Warns of Increase in LokiBot Malware Attacks

DHS Warns of Increase in LokiBot Malware Attacks

by

CISA LokiBot Malware

Credential and infostealing malware targets Android and Windows Devices

The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an alert detailing the use of LokiBot malware to steal sensitive information. CISA’s Alert (AA20-266A) notes an increase in LokiBot activity since July 2020.

CISA recommends that all federal, state, local, tribal, territorial government, private sector users take steps to mitigate LokiBot and other malware attacks.

LokiBot malware is a Trojan used to steal credentials and harvest other sensitive information from compromised devices. It targets both Windows and Android users. Hackers infect electronic devices through email attachments, malicious websites, SMS text messages, and other private messages.

“Throughout this period, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity,” says CISA

Malwarebytes

In June 2020, LokiBot malware was used in a global phishing email campaign which impersonated the World Health Organization (WHO) The emails attempted to trick recipients into opening a malicious email attachment. The attack leveraged CVE-2017-11882 (Office Equation Editor). Messaging in the email offered COVID-19 tips and information. Once compromised the infostealer malware harvested FTP credentials, email passwords, passwords saved in web browsers.

READ LokiBot Malware Steals Information from Infected Computers

LokiBot Malware

This malware was first seen in 2015. LokiBot is also referred to as Lokibot, Loki PWS, and Loki-bot. The malware is commonly used to steal credentials through the use of a keylogger. It can also establish a backdoor to compromised machines allowing the attackers to deploy more malware.

LokiBot has been reported as:

  • A fake launcher for Fortnite
  • In spear phishing attacks
  • As an Android banking Trojan

It has even been found to be preinstalled on Android devices.

Malware Mitigation

CISA recommends implementing best practices to defend against LokiBot malware as well as other cyber attacks.

  • Keep all antivirus applications kept up to date
  • Patch operating systems with the latest security patches
  • Disable file and printer sharing services
  • Require the use of multi-factor (MFA) authentication on all apps and devices
  • Require the use of strong, hard-to-guess passwords

All software downloads should be scanned for malware

The remainder of CSI’s recommendations can be found in the advisory.

Users should be educated about opening email attachments or clicking on links in emails even when they believe they know the sender. Read our guide and how to detect a phishing email to help understand how malicious emails work.

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers