Loki god of …?

In the field of IT Security, one learns very quickly that there’s always another security risk around the corner. An old favourite, the Loki Botnet, is back for another bite of the pie shortly after the fun with WannaCry a week ago.

( Loki, a god in Norse mythology, was sometimes good and sometimes bad. Loki the virus is all bad. )

Loki is a malware bot that steals passwords from applications and e-wallets. It has been around since early 2015, so it has a solid track record. A new variant is doing the rounds, and it has upped the ante with the ability to steal credentials from over 100 applications. The virus arrives via a PDF email attachment or a web download, so the standard advice of being wary of attachments applies.

It’s unclear at this time if the malware is stealing credentials from stored password databases or from the application itself while running. In all cases, it’s important to:

  1. not execute unknown email attachments
  2. use strong passwords
  3. make use of AV and anti-malware software

On a related note, browsers are often targets of password stealing malware – Firefox, IE, Opera and Safari are all on the list of browsers that Loki ‘supports’. Of note, Firefox ( and related browsers ) is the only one out of this bunch that supports a master password.

Firefox by default stores passwords in an encrypted file. Without a master password, this file could be copied to another Firefox instance and viewed there. The master password applies additional encryption and is essentially 2FA, which means that the password file is useless without the master password.

Chrome and IE use the OS's secure encrypted storage ( eg. WPA, Keychain or Wallet ) to store your information – if the OS is compromised then so are your details.

It’s useful to know that using sync solutions ( eg. Google SmartLock, Apple iCloud ) will mean that your details are stored on someone else’s systems and may be accessible by the provider.

Browser password managers know which site is related to which password entry – this means that they can protect you against phishing and other attacks that use lookalike sites and other tomfoolery ( by checking SSL certs ). This is another reason to use SSL-encrypted sites.
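The site-to-entry binding described above, as an added example ( not from the original post and not any browser's own code ): a store keyed by exact origin declines to fill on lookalike addresses. The names savedLogins, credentialFor and explain and all URLs are constructed for illustration, and certificate validation is assumed to be done by the browser's TLS stack before this check.

```javascript
// Added example: constructed data and hypothetical names, not a real browser API.
// Models only the origin match; certificate validation is assumed to happen earlier.
const savedLogins = new Map([
  // key = exact origin (scheme + host + port) where the login was saved
  ["https://bank.example", { username: "alice", password: "constructed-secret" }],
]);

// Return the saved login for pageUrl, or null when the origin does not match exactly.
function credentialFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl); // also converts Unicode hostnames to punycode (xn--...)
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // no fill over plain HTTP
  return savedLogins.get(url.origin) ?? null;
}

// Describe the decision for one page, including the hostname the parser actually saw.
function explain(pageUrl) {
  let host = "(invalid)";
  try { host = new URL(pageUrl).hostname; } catch {}
  const verdict = credentialFor(pageUrl) ? "FILL" : "SKIP";
  return `${verdict}  ${pageUrl}  (host: ${host})`;
}

// Constructed test pages: one genuine, four that should get no autofill.
const pages = [
  "https://bank.example/login",                // genuine site
  "http://bank.example/login",                 // downgraded to plain HTTP
  "https://bank.example.accounts.test/login",  // real name used as a subdomain prefix
  "https://b\u0430nk.example/login",           // Cyrillic "a" (U+0430) homoglyph
  "https://bank.example:8443/login",           // same host, different port
];
for (const p of pages) console.log(explain(p));
```

The homoglyph case looks identical to the genuine address on screen, but the parser sees a punycode hostname, so the lookup fails where a human eye would not.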

I’ve written about password managers before, but to reiterate, if you want the best in password management and security, use a dedicated password manager. They provide strong encryption, a master password and encryption keys. Some also provide neat tools to auto-input credentials into web sites and applications.