Warning: Lokibot Is Looking to Access Your Android

This time of year is always busy for me. Between pre-holiday online shopping and the push to connect with friends before the season gets underway, it’s an especially busy time of year for my online activity.

In an age of social technology, we use our apps to help get through our active holiday calendar. We use our messaging apps to connect with friends on the go, and our banking apps to balance accounts, as well as send and receive money from loved ones. We need our apps to make the holidays happen, which, unfortunately, makes the new Lokibot malware the perfect Trojan horse to infiltrate your mobile device.

What is Lokibot?

Lokibot is a new Android banking Trojan that’s targeting mobile banking applications and communication apps like WhatsApp, Skype, and Outlook. Much like its banking Trojan counterparts, Lokibot disguises itself as the login screen of your banking app, hoping to trick you into giving it administrative access. Once it has access, it can use your browser and SMS texts against you to share your personal information with cybercriminals and spread spam to all of your contacts. According to researchers, this Trojan has targeted at least 119 apps already.

How does Lokibot work?

Lokibot is like an unwanted guest: it just won’t leave. When users realize they’ve been duped and try to remove the Trojan’s administrative privileges, it automatically locks the device and turns into ransomware. Fortunately, the Lokibot ransomware feature is faulty and has only been successful at renaming files instead of encrypting them. Unfortunately, Lokibot still has the ability to lock you out of your phone.

How do I protect myself?

The good news is: if your device has been infected, you can give Lokibot the boot by putting your phone into Safe Mode and removing the malicious application along with its admin user privileges. When it comes to cybersecurity, everybody knows that the best defense is a good offense. You can keep your devices safe by following these tips:


  • Don’t fall for the money bait. If you see an unanticipated “deposit” notification from your banking app, contact your bank directly. Lokibot is known to use fake notifications to lure unsuspecting users into its trap.
  • Keep an eye out for fishy-looking login screens. Trojans are masters of disguise and often gain access when users enter their login details into what appears to be a trusted app. If it looks suspicious, proceed with caution.
  • Download your apps from a legitimate source. Google Play has strong security standards for its applications. If an app is no longer supported in the Play Store, you should delete it immediately.


Following these steps will help keep you out of Lokibot’s way, so you can enjoy your busy holiday season.
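For readers comfortable with Android's adb tool, the sketch below is an added example (not McAfee's code) of how to find which app to remove: it lists apps holding device admin privileges and flags any that were not installed through Google Play. The sample text is constructed, the com.example package names are hypothetical, and the layout of the `dumpsys device_policy` and `pm list packages -i` output is an assumption that can vary by Android version.

```python
import re

PLAY_INSTALLER = "com.android.vending"  # installer package name used by Google Play

# Constructed sample of `adb shell dumpsys device_policy` output (assumed layout).
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.findmyphone/.AdminReceiver:
      uid=10123
    com.example.flashupdate/.Receiver:
      uid=10187
"""

# Constructed sample of `adb shell pm list packages -i` output (assumed layout).
SAMPLE_PACKAGES = """\
package:com.example.findmyphone  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

ADMIN_LINE = re.compile(r"^\s+([A-Za-z0-9_.]+)/([A-Za-z0-9_.$]+):\s*$")
PACKAGE_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def active_admins(device_policy_text):
    """Return (package, receiver) pairs listed as enabled device admins."""
    matches = (ADMIN_LINE.match(line) for line in device_policy_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def installers(packages_text):
    """Map package name to installer package (None when no installer is recorded)."""
    result = {}
    for line in packages_text.splitlines():
        m = PACKAGE_LINE.match(line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def suspicious_admins(device_policy_text, packages_text):
    """Device admin packages that did not come from Google Play."""
    source = installers(packages_text)
    return sorted({pkg for pkg, _ in active_admins(device_policy_text)
                   if source.get(pkg) != PLAY_INSTALLER})

if __name__ == "__main__":
    for pkg in suspicious_admins(SAMPLE_DEVICE_POLICY, SAMPLE_PACKAGES):
        print("device admin not installed from Google Play:", pkg)
```

A flagged package is a candidate for review, not proof of infection; some legitimate apps are sideloaded or preinstalled.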


Can’t get enough mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.
