CISA: LokiBot Stealer Storms Into a Resurgence

2020-09-23 15:27

The U.S. Cybersecurity and Infrastructure Security Agency is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape.

LokiBot targets Windows and Android endpoints, and spreads mainly through email.

To boot, LokiBot can also act as a backdoor into infected systems to pave the way for additional payloads.

Like its Viking namesake, LokiBot is a bit of a trickster, and disguises itself in diverse attachment types, sometimes using steganography for maximum obfuscation.

To boot, researchers have seen the malware being sold as a commodity in underground markets, with versions selling for as little as $300. With all of these factors taken together, LokiBot represents "An attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases," according to CISA. Saryu Nayyar, CEO at Gurucul, noted that the advisory is another indication of how malware authors have turned their malicious activities into a scalable business model.

News URL

https://threatpost.com/cisa-lokibot-stealer-resurgence/159495/

#cisa #lokibot