LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
2022-11-18 12:53

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta.

"The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday.

Aside from being dropped alongside other malware families, LodaRAT has also been observed being delivered through a previously unknown variant of another commodity trojan called Venom RAT; the variant has been codenamed S500. An AutoIt-based malware, LodaRAT is attributed to a group called Kasablanca and is capable of harvesting sensitive information from compromised machines.

In February 2021, an Android version of the malware sprang forth as a way for the threat actors to expand their attack surface.

The latest findings from Cisco Talos document the altered variants of LodaRAT that have been detected in the wild with updated functionality, chiefly enabling it to proliferate to every attached removable storage device and detect running antivirus processes.

The bundling of LodaRAT alongside Neshta and RedLine Stealer has also been something of a puzzle, although it is suspected that "LodaRAT is preferred by the attacker for performing a particular function."


News URL

https://thehackernews.com/2022/11/lodarat-malware-resurfaces-with-new.html