LokiBot is an information stealer that comes with a range of built-in capabilities to extract information from different applications and files. The malware was first spotted in mid-2010 when it was being sold on underground hacking forums. Due to its campaign alert has been given to be more cautious
The trojan is widely available as a pirated software and has been distributed for free for years among cybercriminals.
Cybercriminals usually spread malware via email, malicious websites, text, and private messages. LokiBot steals credentials by using a keylogger to monitor browser and desktop activities. Also capable to create a backdoor to install additional payloads on infected systems.
LokiBot has evolved a lot and now it comes with a wide variety of features and capabilities. To date, it can perform real-time key-logging, desktop screenshot utility, functioning as a backdoor, and more. The trojan could also be used by cybercriminals to escalate their attacks.
The trojan is continuously evolving and the recent advisory clearly indicates that its operators are planning rapid expansion in targeted attacks. Experts recommend organizations to regularly update antivirus solutions, install the latest patches, enable multi-factor authentication, apply strong password policy, and restrict access to malicious websites.