Security News > 2021 > February > LodaRAT Windows Malware Now Also Targets Android Devices
A previously known Windows remote access Trojan with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives.
"The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis.
"A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities."
The Android malware also differs in that it avoids techniques often used by banking Trojans, such as abusing Accessibility APIs to record on-screen activities.
Besides sharing the same command-and-control infrastructure for both Android and Windows, the attacks, which originated in October 2020, have targeted banks and carrier-grade voice-over-IP software vendors, with clues pointing to the malware author being based in Morocco.
The attackers also made use of a myriad of social engineering tricks, ranging from typosquatted domains to malicious RTF documents embedded in emails that, when opened, triggered an infection chain that leverages a memory corruption vulnerability in Microsoft Office to download the final payload.
While the Android version of the malware can take photos and screenshots, read SMS and call logs, send SMS and perform calls to specific numbers, and intercept SMS messages or phone calls, its latest Windows counterpart comes with new commands that enable remote access to the target machine via Remote Desktop Protocol and a "Sound" command that makes use of the BASS audio library to capture audio from a connected microphone.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Yqhdx5Opmdo/lodarat-windows-malware-now-also.html