CISA has issued special awareness regarding increased activity by this stealth malware which captures USER-ID & PSWD information as user keys this information

LokiBot—also known as Lokibot, Loki PWS, and Loki-bot—employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.

  • The malware steals credentials through the use of a keylogger to monitor browser and desktop activity

  • LokiBot can also create a backdoor into infected systems to allow an attacker to install additional payloads

  • Malicious cyber actors typically use LokiBot to target Windows and Android operating systems and distribute the malware via email, malicious websites, text, and other private messages