There has been a big rise in infections coming from LokiBot: an open-source DIY malware package for Windows, which is openly sold or traded for free in underground forums. It has the ability to steal passwords and cryptocurrency wallets and it can also download and install new malwares.

In an alert published on last week, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the Multi-State Information Sharing & Analysis Center said LokiBot activity has risen up significantly in the past two months. This was measured by “EINSTEIN” an automated intrusion-detection system for collection, correlating, analyzing and sharing computer security information across the federal civilian departments and agencies.

“CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020,” Tuesday’s alert stated. “Throughout this period, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity.”

This malware includes a keylogger which can record passwords and other sensitive data, a code that can obtain passwords stored in browsers, administrative tools and cryptocurrency wallets and can steal information from more than 100 different applications according to security firm Gigamon.