Lokibot (Loki Password Stealer)

Posted: December 24, 2023
from Cybersecurity Glossary
Aliases:
Lokibot, Loki-bot, Loki Android Trojan, Loki Password Stealer
Platform:
Windows , Android
Variants:
LokiBot+Stealer, LokiPWS, LokiBot Android
Damage:
Stolen Credentials, Stolen Crypto Wallet Funds, Data Theft, Opening Backdoors For Other Malware (Like Ransomware), Showing Malicious Ads
Risk Level:
High

LokiBot, an extensively distributed trojan, focuses on extracting credentials and other sensitive information from Windows and Android devices. It transmits the acquired data to remote servers controlled by the attacker. Additionally, LokiBot operates as a keylogger, enabling attackers to establish backdoor access and deploy other malware, often ransomware, on the compromised device. Authentic and cracked versions of the LokiBot malware are available for purchase on dark web marketplaces.

Possible symptoms

  • Unusual system behavior, such as unexpected pop-ups or system slowdowns.
  • Anomalous network activity, especially increased data traffic to unfamiliar destinations.
  • Unauthorized access or changes to sensitive files and data.
  • Presence of unfamiliar or suspicious processes in the system's task manager.

Sources of the infection

  • Phishing attacks via email, social engineering, or malicious websites, leading to the unintentional installation of LokiBot.
  • Compromised software or applications, as LokiBot may exploit vulnerabilities to gain access to the system.
  • Malicious attachments or links in emails and messages, triggering the download and execution of LokiBot payloads.
  • Drive-by downloads from compromised or malicious websites, exploiting vulnerabilities in the browser or plugins.

Overview

LokiBot, also known as Lokibot, Loki-bot, Loki Android Trojan, and Loki Password Stealer, is a widespread trojan with the primary objective of pilfering credentials and providing attackers with backdoor access to both Windows and Android devices. This malicious software poses a significant threat by stealing sensitive information, including login credentials and crypto wallet funds, conducting data theft, opening backdoors for other malware such as ransomware, and displaying malicious ads.

LokiBot operates as a keylogger, facilitating the extraction of credentials, and establishes backdoor access, enabling attackers to deploy additional malware on compromised devices. Authentic and cracked versions of LokiBot are available for purchase on dark web marketplaces, contributing to its extensive distribution.

The symptoms of LokiBot infection include unusual system behavior, such as unexpected pop-ups or system slowdowns, anomalous network activity with increased data traffic to unfamiliar destinations, unauthorized access or changes to sensitive files and data, and the presence of unfamiliar or suspicious processes in the system's task manager.

LokiBot primarily spreads through phishing attacks via email, social engineering, or malicious websites, leading to unintentional installations. It may also exploit vulnerabilities in compromised software or applications, use malicious attachments or links in emails and messages, and take advantage of drive-by downloads from compromised or malicious websites.

If you suspect your system is infected with LokiBot, immediate action is crucial. Isolate the infected device from the network, run a thorough antivirus scan using Gridinsoft Anti-Malware, change all passwords, especially for sensitive accounts, monitor financial transactions for unauthorized activities, and consider seeking professional assistance for complete malware removal.

To prevent LokiBot infections, adopt proactive measures such as keeping operating systems and software up-to-date, using Gridinsoft Anti-Malware for regular scans, avoiding downloads from untrusted sources, exercising caution with links and email attachments, implementing strong, unique passwords, enabling multi-factor authentication, regularly backing up important data, and monitoring network traffic with intrusion detection systems.

🤔 What to do?

If you suspect your system is infected with LokiBot, take immediate action:

  • Isolate the infected device from the network to prevent further data leakage.
  • Run a thorough antivirus scan using Gridinsoft Anti-Malware to detect and remove the malware.
  • Change all passwords, especially sensitive accounts such as banking and email, from a clean device.
  • Monitor financial transactions for any unauthorized activities and report them immediately.
  • Consider seeking professional assistance to ensure complete removal of the malware.

🛡️ Prevention

To prevent LokiBot infections, follow these technical measures:

  • Keep operating systems and software up-to-date with the latest security patches.
  • Use Gridinsoft Anti-Malware and perform regular scans on all devices.
  • Avoid downloading software or files from untrusted sources.
  • Exercise caution when clicking on links or opening email attachments, especially from unknown or suspicious sources.
  • Implement strong, unique passwords and enable multi-factor authentication where possible.
  • Regularly back up important data to an external and secure location.
  • Monitor network traffic for unusual patterns and employ intrusion detection systems.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware