Trojan
Crypto Stealer
Keylogging
Credential Stealer
LokiBot—also known as Loki PWS and Loki-bot—is a Trojan malware designed to steal sensitive information, including usernames, passwords, and cryptocurrency wallet credentials. This malware operates by employing a keylogger to monitor browser and desktop activity. Additionally, LokiBot creates a backdoor into infected systems, enabling attackers to deploy additional payloads. The malware primarily targets Windows and Android operating systems and spreads through phishing emails, malicious websites, and private messages.
LokiBot spreads through phishing campaigns that use malicious email attachments, websites, and compromised software. The malware often impersonates legitimate files or applications to trick users into running it.
Data Theft Operations
Once executed, LokiBot extracts credentials stored in web browsers, email clients, and other applications. Its keylogging capability captures user input in real time, and the stolen data is sent to remote command-and-control servers managed by threat actors.
Adaptability and Variants
Since its initial discovery in 2015, LokiBot has evolved significantly. The leak of its source code in 2018 allowed attackers to create multiple variants, enhancing its capabilities and ensuring it remains a prominent threat across industries.
Use email filters to block malicious attachments and links
Regularly update software and operating systems to fix security vulnerabilities
Deploy endpoint protection to detect and neutralize malware threats
Enable multi-factor authentication for an added security layer