LOKI


 PLATFORM:

Windows


  • Threat Type: Trojan Spy

  • Destructiveness: No

  • In the wild: Yes

  OVERVIEW


Loki is an information stealer first detected in February 2016. Early variants targeted Android systems, with capabilities that include stealing credentials, disabling notifications, intercepting communications, and exfiltrating data.

Loki also exhibited ransomware behavior, observed in October 2017, and was at one point sold on underground hacking forums. Since August 2018, Loki has targeted corporate mailboxes through phishing and spam emails. These emails carry a file attachment with a .ISO extension; opening the attachment leads to the download and execution of the Trojan, which steals saved passwords from browsers, mail clients, File Transfer Protocol (FTP) clients, messaging applications, and cryptocurrency wallets.
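The delivery pattern above, a disc-image attachment that carries the dropper, is the point where a mail gateway or triage analyst can intervene before anything runs. The following Python routine is an added example for this page, not code from the original entry or from any vendor tool: it parses an .eml message, flags attachments that are disc images by file extension and by the ISO 9660 volume-descriptor signature ("CD001" in sector 16), and scans every attachment for embedded Windows PE images (an "MZ" header whose e_lfanew field points at "PE\0\0"). The message it inspects is constructed inline and contains a minimal PE stub, not a real Loki sample; the sender, recipient and file names are placeholders.

```python
"""Triage an .eml message for disc-image attachments that carry Windows executables.

Added example, not code from the original page. Assumes the delivery pattern
described in the text: a phishing mail with an .ISO attachment whose contents
drop a Windows executable. The sample message below is constructed inline.
"""
import struct
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR          # ISO 9660 primary volume descriptor lives in sector 16
ISO_MAGIC = b"CD001"              # follows the one-byte descriptor type
ISO_EXTENSIONS = (".iso",)        # extension the page describes; magic check catches renames


def is_iso9660(data: bytes) -> bool:
    """True if the blob carries an ISO 9660 volume descriptor, regardless of file name."""
    return data[PVD_OFFSET + 1 : PVD_OFFSET + 6] == ISO_MAGIC


def find_pe_offsets(data: bytes) -> list:
    """Offsets of embedded PE images: an 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            # Bound e_lfanew so a random 'MZ' in other data is not mistaken for a header.
            if 0x40 <= e_lfanew <= 0x1000 and data[pe : pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def triage_message(raw: bytes) -> list:
    """Return one finding per attachment with the evidence and a verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_content()
        if isinstance(payload, str):          # text attachments decode to str
            payload = payload.encode("utf-8", "replace")
        iso_by_ext = name.lower().endswith(ISO_EXTENSIONS)
        iso_by_magic = is_iso9660(payload)
        pe_offsets = find_pe_offsets(payload)
        if (iso_by_ext or iso_by_magic) and pe_offsets:
            verdict = "block: disc image carrying a Windows executable"
        elif pe_offsets:
            verdict = "block: attachment carrying a Windows executable"
        elif iso_by_ext or iso_by_magic:
            verdict = "review: disc-image attachment"
        else:
            verdict = "pass"
        findings.append({
            "name": name,
            "iso_by_ext": iso_by_ext,
            "iso_by_magic": iso_by_magic,
            "pe_offsets": pe_offsets,
            "verdict": verdict,
        })
    return findings


def build_sample_message() -> bytes:
    """Constructed lure for testing (not a real Loki sample): an ISO holding a minimal PE stub."""
    # 64-byte DOS header with e_lfanew = 0x40, immediately followed by the PE signature.
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 60
    image = bytearray(20 * SECTOR)
    image[PVD_OFFSET : PVD_OFFSET + 6] = b"\x01" + ISO_MAGIC   # type 1 = primary volume descriptor
    image[18 * SECTOR : 18 * SECTOR + len(pe_stub)] = pe_stub  # "file" inside the image
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"      # placeholder sender
    msg["To"] = "payables@example.invalid"        # placeholder recipient
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment(bytes(image), maintype="application",
                       subtype="x-iso9660-image", filename="Invoice_0819.iso")
    msg.add_attachment(b"%PDF-1.4\n%constructed placeholder\n",
                       maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

Checking the ISO 9660 signature alongside the extension matters because the extension is what the attacker controls; the PE scan is what turns "someone mailed a disc image" into an actionable block, and it works unchanged on other container formats the gateway may see.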

It is capable of the following:

  • Information theft

  • Exploits

  • Disabling notifications

Loki typically follows the infection chain below: