LodaRAT Windows Malware Now Also Targets Android Devices
2021-02-15 03:57

A previously known Windows remote access Trojan with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives.

"The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis.

"A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities."

The Android malware is also different, as it particularly avoids techniques often used by banking Trojans, like abusing Accessibility APIs to record on-screen activities.

The Android and Windows variants share the same command-and-control infrastructure. The attacks, which originated in October 2020, have targeted banks and carrier-grade voice-over-IP software vendors, with clues pointing to the malware author being based in Morocco.

The attackers also made use of a myriad of social engineering tricks, ranging from typosquatted domains to malicious RTF documents embedded in emails that, when opened, triggered an infection chain leveraging a memory corruption vulnerability in Microsoft Office to download the final payload.

While the Android version of the malware can take photos and screenshots, read SMS and call logs, send SMS and perform calls to specific numbers, and intercept SMS messages or phone calls, its latest Windows counterpart comes with new commands that enable remote access to the target machine via Remote Desktop Protocol and a "Sound" command that makes use of the BASS audio library to capture audio from a connected microphone.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Yqhdx5Opmdo/lodarat-windows-malware-now-also.html