TTCSIRT-363.09.25.20: TT-CSIRT ADVISORY – LokiBot Malware

There has been a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020.

Throughout this period, CISA’s EINSTEIN Intrusion Detection System has detected persistent malicious LokiBot activity.

LokiBot is credential- and information-stealing malware, often sent as a malicious attachment. It is known for being simple yet effective, which makes it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases.

LokiBot, also known as Lokibot, Loki PWS, and Loki-bot, employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.

