An open-source DIY malware package for Windows named LokiBot has US federal and state officials worried after a noticeable upward trend in infections. The malware is openly traded in underground forums and is also available for free.

With it, hackers can steal passwords and cryptocurrency wallets. It is also capable of downloading and installing new types of malware.

On Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency published an alert, in tandem with the Multi-State Information Sharing & Analysis Center, about an increase in LokiBot activity over the past two months.

Ease-of-use contributing to high usage rate

The uptick in infections was measured by Einstein, an automated intrusion-detection system that collects, correlates, analyzes and shares computer security information across federal civilian departments and agencies.

Einstein detected persistent and malicious activity from LokiBot. While LokiBot may not be as prevalent or worrying as the Emotet botnet, it still poses a serious threat. As an info-stealer, LokiBot spreads through several methods, including email attachments, trojanized pirated or free apps, and exploitation of software bugs.

The malware has a simple interface and a reliable codebase, which makes it a favourite choice among cybercriminals, including those who are new to the scene and possess limited technical skills.

LokiBot may not be Emotet but should not be underestimated

Einstein is not the only source measuring LokiBot activity. Sherrod DeGrippo, Senior Director of threat research and detection at the security firm ProofPoint, said that Emotet dwarfs LokiBot.

In terms of message volume, the order of magnitude is roughly 300,000 for Emotet versus 1,000 for LokiBot. There have been exceptions, though: Thursday saw a LokiBot run of more than a million messages.

The list of capabilities possessed by LokiBot is long. Its main features include a keylogger that records sensitive keystrokes and passwords, and code that collects passwords stored in browsers, admin tools and crypto-wallets, and it can steal information from more than 100 different apps.

