The software known as “information-stealing” malware, including LokiBot, is made to take everything from cookies and system information to multifactor authentication bypassing credentials for email accounts, credit card details, and cryptocurrency wallets. Due to its simplicity of usage, researchers claim LokiBot particularly appeals to a clientele with less technical expertise. This helps to account for its unique persistence because it has been among the top five malware variants since 2018.
A recent study by Cofense threat analyst Madalynn Carr found that the LokiBot malware is delivered via email attachment in two-thirds of attack attempts. The majority of additional attack attempts employ a delivery method that, in 82% of instances, focuses on a 23-year-old memory corruption.