One Article Review

Source AlienVault Blog
Identifier 2000278
Publication date 2020-10-28 11:00:00 (seen: 2020-10-28 11:05:48)
Title LokiBot Malware: What it is and how to respond to it
Text This blog was written by an independent guest blogger.

The Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security recently announced that activity in LokiBot, a form of aggressive malware, has increased dramatically over the last two months. The activity increase was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous government agencies. Following the detection, CISA issued a security advisory warning to Federal agencies and private sector entities alike about the malware.

Malware is essentially a piece of software or firmware that is intentionally placed into a system (or host) for malicious purposes (hence the term ‘malware’). It has long been a major problem, but it’s only become worse since the coronavirus pandemic began as hackers and cybercriminals have sought to take advantage of the chaos created by the situation. LokiBot is one such example.

In this article, we will dive into what exactly LokiBot is and the threat it poses, the techniques that were used to deploy this malware, and then the steps you can take to remove it from an infected system.

What is Lokibot?

LokiBot was first released on underground forums for hackers to target Microsoft Android phones in early 2016. Since then, it has grown to become a much more widespread and dangerous threat than it originally was, as it has been widely distributed via torrent files and email spam (among other techniques) by low-to-mid level hackers targeting passwords. At this point, LokiBot is among the most prevalent forms of malware, and for 2020 has actually been the single most common form of malware used to attack command-and-control servers.

LokiBot can infect computers and mobile devices alike by searching for locally installed applications. The malware then searches for credentials from the internal databases of those applications and attempts to extract them. LokiBot also comes with a keylogging feature that allows it to capture keystrokes in order to determine the passwords used for accounts that may not be stored in those internal databases as well. As a result of these capabilities, mobile applications, cryptocurrency wallets, emails, and browsers alike are all vulnerable to LokiBot.

The good news is that LokiBot is far from invincible. For example, storing your data in the cloud will be one of the best defense measures that you can make because your data will be stored encrypted, decentralized, and ultimately harder to obtain.

How big of a threat does LokiBot pose?

Even though LokiBot has become much more prominent than it once was, the real question that needs to be asked is: even though it’s common, how big of a threat actually is it? One of the biggest concerns with LokiBot isn’t just the fact that it can target everything from emails to cryptocurrency wallets, it’s also that it can create a backdoor to allow a hacker to install additional malicious software and steal information. LokiBot also makes use of a very simple codebase that makes it easy for lower level cybercriminals to use. If anything, it’s for this reason that it’s become so widely used. Furthermore, LokiBot utilizes methods to make it seem like nothing is hap
Sent Yes
Tags Spam Malware Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.