Malware

Novel LodaRAT malware variants discovered

New LodaRAT malware variants have emerged and are being distributed alongside RedLine Stealer and Neshta malware, according to The Hacker News. Cisco Talos researchers also discovered that an unknown Venom RAT variant has also been used for LodaRAT deployment. The report showed that the modified LodaRAT variants have gained the capability to identify running antivirus processes and connect with attached removable storage devices. However, even discontinued antivirus solutions are being detected by the new variants, including Prevx, Norman Virus Control, and ByteHero. Meanwhile, non-functional code has been removed from the new variants, which were also found to leverage string obfuscation. "Over the course of LodaRAT's lifetime, the implant has gone through numerous changes and continues to evolve. While some of these changes appear to be purely for an increase in speed and efficiency, or reduction in file size, some changes make Loda a more capable malware," wrote Cisco Talos researcher Chris Neal.

Related

Rootkit capabilities likely with Windows bugs

Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.