CISA Issues Advisory After a Spike in LokiBot Malware Activity

stealing credentials from several applications and data resources, such as Firefox, Safari, and Chrome web browsers. It likewise rips off credentials utilized for email accounts, sFTP and FTP clients.

The malware can be used to steal other sensitive data and cryptocurrency wallets and can set up backdoors in victims’ devices to have continual access, enabling the people behind the malware to install more malicious payloads.

The malware links with its Command and Control Server and downloads information through HyperText Transfer Protocol. The malware was detected employing process hollowing to put itself into legitimate Windows processes like vbc.exe to elude detection. It’s possible for the malware to also duplicate itself and be stored in a concealed file and directory.

The LokiBot is a rather simple malware, yet many threat actors like using this tool. It is employed in numerous cases of data compromise. As of July, a considerable increase in LokiBot activity has been identified by the EINSTEIN Intrusion Detection System of CISA.

LokiBot is frequently delivered through email as a malicious file attachment; but, starting in July, hackers are propagating the malware in various ways, for instance, hyperlinking to websites that host the malware delivered by SMS or text messaging apps.

Data stealers have become famous throughout the COVID-19 pandemic, particularly LokiBot. As per F-Secure, LokiBot was the most frequently identified data stealer in the first six months of 2020, .

CISA has provided the following guidelines to follow to reinforce protection against LokiBot and other data stealers:

  • Implementing antivirus software and making sure to update the virus definition lists
  • Using patches for vulnerabilities immediately
  • Turning off file and printer sharing services. If that is impossible, use strong passwords or implement ID authentication
  • Employ multi-factor authentication as added security to accounts
  • Limit user permissions to install and execute software apps
  • Impose the usage of strong passwords
  • Give employees the proper HIPAA training and encourage them to observe caution when accessing email attachments
  • Use a spam filtering tool
  • Employ a personal firewall on workstations and set up the firewall to reject unsolicited interconnection requests
  • Keep track of web activity and use a web filter to keep employees from visiting disagreeable websites
  • Scan all software programs downloaded from the web before allowing it to run
About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at