New LodaRAT malware variants have emerged and are being distributed alongside RedLine Stealer and Neshta malware, according to The Hacker News.
Cisco Talos researchers also discovered that a previously unknown Venom RAT variant has been used to deploy LodaRAT.
The report showed that the modified LodaRAT variants have gained the capability to identify running antivirus processes and to interact with attached removable storage devices. Notably, the list of antivirus products the new variants check for includes discontinued solutions such as Prevx, Norman Virus Control, and ByteHero.
Meanwhile, non-functional code has been removed from the new variants, which were also found to leverage string obfuscation.
"Over the course of LodaRAT's lifetime, the implant has gone through numerous changes and continues to evolve. While some of these changes appear to be purely for an increase in speed and efficiency, or reduction in file size, some changes make Loda a more capable malware," wrote Cisco Talos researcher Chris Neal.
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, DoD Alphabet soup, Sirius XM, Pixel Tracking, TSA, Single Sign-on rants, and more on the Security Weekly News!
Novel DuckLogs malware-as-a-service detailed
More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer.
BleepingComputer reports that Redis servers that remain unpatched against CVE-2022-0543 are being compromised with the novel Go-based Redigo malware, which at the time of the report was not detected by any antivirus engine on VirusTotal.