The United States Cybersecurity and Infrastructure Security Agency (CISA) released a warning that the LokiBot information-stealing trojan has seen a resurgence in activity starting in July 2020. LokiBot targets Android and Windows endpoints and mainly spreads through email, but can also spread through malicious websites, texts, and other forms of messaging. Through the use of a keylogger to monitor browser and desktop activity, the malware aims to steal personal information and credentials from the victim. LokiBot can also act as a backdoor for the threat actors to gain access to infected systems and use different payloads. The trojan has been adjusted multiple times and uses different disguises as a way to avoid detection, including steganography for maximum obfuscation. The malware has also been used to target a vast number of applications, most of the attacks being successful, which makes LokiBot all the more dangerous.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in