Novel LodaRAT malware variants discovered

November 22, 2022

New LodaRAT malware variants have emerged and are being distributed alongside RedLine Stealer and Neshta malware, according to The Hacker News. Cisco Talos researchers also discovered that an unknown Venom RAT variant has also been used for LodaRAT deployment. The report showed that the modified LodaRAT variants have gained the capability to identify running antivirus processes and connect with attached removable storage devices. However, even discontinued antivirus solutions are being detected by the new variants, including Prevx, Norman Virus Control, and ByteHero. Meanwhile, non-functional code has been removed from the new variants, which were also found to leverage string obfuscation. "Over the course of LodaRAT's lifetime, the implant has gone through numerous changes and continues to evolve. While some of these changes appear to be purely for an increase in speed and efficiency, or reduction in file size, some changes make Loda a more capable malware," wrote Cisco Talos researcher Chris Neal.

Novel LodaRAT malware variants discovered

Related

Novel Bandit Stealer malware examined

AceCryptor malware increasingly used in attacks

Windows WordPad vulnerability targeted in new QBot malware attacks

Related Events

EMOTET Exposed: Inside the Cybercriminals’ Supply Chain

Email Emergency: Steering Clear of Phishing and BEC Scams

Ransomware & Data Exfiltration: A survival guide to prevention & response

Get daily email updates