Novel LodaRAT malware variants discovered

New LodaRAT malware variants have emerged and are being distributed alongside RedLine Stealer and Neshta malware, according to The Hacker News. Cisco Talos researchers also discovered that an unknown Venom RAT variant has been used for LodaRAT deployment. The report showed that the modified LodaRAT variants have gained the capability to identify running antivirus processes and connect with attached removable storage devices. The antivirus check even covers discontinued products, including Prevx, Norman Virus Control, and ByteHero. Meanwhile, non-functional code has been removed from the new variants, which were also found to leverage string obfuscation. "Over the course of LodaRAT's lifetime, the implant has gone through numerous changes and continues to evolve. While some of these changes appear to be purely for an increase in speed and efficiency, or reduction in file size, some changes make Loda a more capable malware," wrote Cisco Talos researcher Chris Neal.
