CISA warns of notable increase in LokiBot malware

Follow the links for mitigation:

[…] Multiple groups are currently distributing the malware, via a wide variety of techniques, from email spam to cracked installers and booby-trapped torrent files.

In terms of prevalence and numbers, Spamhaus ranked LokiBot as the malware strain with the most active command-and-control (C&C) servers in 2019. In the same ranking, LokiBot is currently second in the first half of 2020 [PDF].

LokiBot also ranks third on AnyRun’s all-time ranking of the most analyzed malware strains on its malware sandboxing service.

Credentials stolen via LokiBot usually end up on underground marketplaces like Genesis, where KELA believes LokiBot is the second most popular type of malware that supplies the store.

[Editor’s note: 90% of all stolen credentials on the Genesis Store came from the AZORult malware]

The CISA LokiBot advisory published today contains detection and mitigation advice on dealing with LokiBot attacks and infections. Additional resources for studying and learning about LokiBot are available on its Malpedia entry.


Original article here