
Warning: Data-stealing malware is on the rise and it’s coming after your passwords

Keyloggers are some of the nastiest types of malware you can encounter online. Once installed on your system, they keep an eye on your keyboard and send all the data you type back to the hacker that spread them.

Then, before you know it, your bank account is drained. If you think this can’t happen to you, stay alert — keyloggers are real and they’re spreading rapidly.

And now, one of the web’s most notorious keyloggers is back to steal even more data. Lokibot, a dangerous Trojan, is scaling up its attacks on victims across the web. The issue has gotten so bad that the Department of Homeland Security is sounding the alarm. Here’s what you need to watch out for.

Lokibot lives!

Lokibot was first spotted back in May of this year as part of a phishing campaign targeting Windows users. Microsoft tweeted out a warning about the malware to keep users on alert — but that wasn’t enough to stop Lokibot from spreading.

Flash forward to late September and Lokibot is back in the news again — this time courtesy of the Department of Homeland Security. The DHS is issuing a warning about Lokibot infections thanks to a dramatic spike in cases detected by security researchers.

But that’s not all. Lokibot attacks have grown so prevalent that security firms like Proofpoint have seen them pass the Emotet botnet on occasion.

For those who don’t know, Lokibot is principally a keylogger. But it’s capable of far more than just scanning your keyboard for credit card numbers. Here’s a quick list of just a few of its many features:

  • Lokibot can uncover domain names and IP addresses.
  • It’s able to hide and obscure its behavior on infected hosts.
  • Lokibot can pretend to be legitimate Windows processes and interfere with programs.
  • It’s able to communicate back and forth with the person controlling it.
  • It can easily attach to malicious files without blowing its cover.
  • Lokibot can steal keystrokes and typed data from all of the most popular browsers, as well as other programs like email clients. It can even detect typed data in the Windows operating system itself.

Right now, Lokibot is still primarily spread through phishing campaigns. This means it’s time to be hyper-vigilant about every single email that hits your inbox.

Wait, was there ever a time where we could relax about our emails?

You don’t need to be Thor to beat Lokibot

As with any phishing campaign, it’s all about unsolicited messages. If you get a message from a sender you don’t recognize, delete it without opening it. At this point in time, the risk is too great.

And even if the message looks like it’s from someone you know, check with them personally to make sure they actually sent you an attachment. Some phishing campaigns are advanced enough now to hijack accounts and spam their contacts with more malware.

As for your defenses, you’re in a good spot if you’re running the latest version of Microsoft Defender. The May update for Defender included new definitions for Lokibot — so if it makes its way onto your system, Defender will recognize it.

Your next best move is to protect your online accounts. This means changing important passwords for your social media and financial accounts. You should also activate two-factor authentication on any sites that offer it.

As scary as keyloggers like Lokibot can be, you’ll probably be safe as long as you avoid strange emails and stick to familiar parts of the internet. It’s a golden age for cybercriminals these days — and nobody wants to be another statistic. Stay safe out there!
