Windows 10 News and info | Forum
Author Topic: CISA warns of notable increase in LokiBot malware  (Read 12 times)
javajolt
« on: September 25, 2020, 01:57:28 PM »

"CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020."



The US government's cyber-security agency has issued a security advisory today warning federal agencies and the private sector about "a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020."

The Cybersecurity and Infrastructure Security Agency (CISA) said that its in-house security platform (the EINSTEIN Intrusion Detection System) has detected persistent malicious activity traced back to LokiBot infections.

The July spike in LokiBot activity seen by CISA was also confirmed by the Malwarebytes Threat Intelligence team, which told ZDNet in an interview today that they've also seen a similar spike in LokiBot infections over the past three months.


Image: Malwarebytes (supplied)

This is a cause of alarm as LokiBot is one of today's most dangerous and widespread malware strains. Also known as Loki or Loki PWS, the LokiBot trojan is a so-called "information stealer."

It works by infecting computers and then using its built-in capabilities to search for locally installed apps and extract credentials from their internal databases.

By default, LokiBot can target browsers, email clients, FTP apps, and cryptocurrency wallets.

However, the malware is far more than a mere infostealer. Across time, LokiBot evolved and now also comes with a real-time key-logging component to capture keystrokes and steal passwords for accounts that aren't always stored in a browser's internal database, and a desktop screenshot utility to capture documents after they've been opened on the victim's computer.

Furthermore, LokiBot also functions as a backdoor, allowing hackers to run other pieces of malware on infected hosts, and potentially escalate attacks.

The malware made its debut in the mid-2010s when it was first offered for sale on underground hacking forums. Since then, the LokiBot malware has been pirated and broadly distributed for free for years, becoming one of today's most popular password stealers, primarily among groups of low- and medium-skilled threat actors.

Multiple groups are currently distributing the malware, via a wide variety of techniques, from email spam to cracked installers and boobytrapped torrent files.

In terms of prevalence and numbers, SpamHaus ranked LokiBot as the malware strain with the most active command-and-control (C&C) servers in 2019. In the same ranking, LokiBot is currently second in the first half of 2020 [PDF].

LokiBot also ranks third on AnyRun's all-time ranking of the most analyzed malware strains on its malware sandboxing service.

Credentials stolen via LokiBot usually end up on underground marketplaces like Genesis, where KELA believes LokiBot is the second most popular type of malware that supplies the store.

The CISA LokiBot advisory published today contains detection and mitigation advice on dealing with LokiBot attacks and infections. Additional resources for studying and learning about LokiBot are available on its Malpedia entry.

LokiBot should not be confused with a similarly named, now-defunct Android trojan.
