Loda RAT

Posted: February 13, 2020

Loda RAT Description

The Loda RAT is a fairly simple Remote Access Trojan (RAT) that has been active since 2017 and whose code has been updated several times during the last three years. One of the unique features of the Loda RAT is that it is written in AutoIt, a basic scripting language that is rarely used for malware development. Despite this, the Loda RAT is a fully finished Trojan that lets its operators execute a large number of tasks on compromised computers. If the victims have not taken the necessary measures to secure their accounts and computers, the Loda RAT may give attackers full administrator access to the hacked machine.

One of the latest campaigns to involve the Loda RAT focuses on infecting computers in Central America, South America and the United States. The attacks are executed with the use of phishing emails that ask recipients to visit an outbound link that will take them to a corrupted page set up by the attackers. The page in question hosts macro-laced Microsoft Office documents, which are meant to exploit the CVE-2017-11882 vulnerability to fetch and run the payload from a remote source.

The Loda RAT's Developers Focus on Anti-Virus Evasion and Code Obfuscation Features

After the Loda RAT is initialized, it will connect to a remote control server, and wait for the attacker's commands – the threat is capable of collecting login credentials and passwords from the compromised host. Other notable features of Loda RAT are its ability to grab screenshots, log keystrokes, and even use attached microphones to record sound.

The latest versions of the Loda RAT appear to emphasize code obfuscation and anti-virus evasion: the threat can scan the compromised Windows machine for processes and executable files associated with popular anti-virus software. Its code is heavily obfuscated, which helps it evade low-quality anti-virus engines and makes it more difficult to reverse engineer and analyze. For persistence, the Loda RAT creates a new scheduled task and inserts a new key in the Windows Registry.
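A triage sketch for the two traits described above (an AutoIt-built binary that persists through a scheduled task and a Registry key), added here as an example and not taken from the original article. It assumes the widely documented header that precedes a compiled AutoIt script inside an executable; the function names and all sample entries are constructed for illustration.

```python
# Header that precedes an embedded compiled AutoIt script, followed by a
# version tag (EA06 for current AutoIt3 builds, EA05 for older ones).
AU3_MAGIC = bytes.fromhex("a3484bbe986c4aa9994c530a86d6487d")
AU3_TAGS = (b"AU3!EA06", b"AU3!EA05")

def is_autoit_compiled(data: bytes) -> bool:
    """True if the buffer carries an embedded compiled AutoIt script."""
    pos = data.find(AU3_MAGIC)
    while pos != -1:
        if data[pos + 16:pos + 24] in AU3_TAGS:
            return True
        pos = data.find(AU3_MAGIC, pos + 1)
    return False

def target_of(command: str) -> str:
    """Executable path from a Run-key value or scheduled-task action.
    Unquoted paths containing spaces are not handled (assumption)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def triage(entries, read_file):
    """Return persistence entries whose target is an AutoIt-compiled file."""
    hits = []
    for source, name, command in entries:
        path = target_of(command)
        try:
            data = read_file(path)
        except OSError:
            continue  # target missing or unreadable: nothing to inspect
        if is_autoit_compiled(data):
            hits.append((source, name, path))
    return hits

def demo():
    # Constructed sample data: not real Loda file names, tasks or keys.
    files = {
        r"C:\Users\a\AppData\Roaming\upd.exe":
            b"MZ" + b"\x00" * 64 + AU3_MAGIC + b"AU3!EA06" + b"\x01",
        r"C:\Windows\System32\notepad.exe": b"MZ" + b"\x00" * 64,
    }
    entries = [
        ("registry-run", "Updater", r'"C:\Users\a\AppData\Roaming\upd.exe" /s'),
        ("scheduled-task", "Notes", r"C:\Windows\System32\notepad.exe"),
        ("scheduled-task", "Gone", r"C:\missing.exe"),
    ]
    def read_file(path):
        if path not in files:
            raise FileNotFoundError(path)
        return files[path]
    return triage(entries, read_file)
```

Legitimate administration tools are also built with AutoIt, so a hit marks an autostart entry for review and is not a verdict on its own.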

While the Loda RAT is not one of the most advanced Trojans used by cybercriminals, it is slowly being improved with additional features and made more difficult to detect. Its credential-collecting capabilities are a high-level threat, and victims of this Trojan are likely to suffer significant financial and data loss if they do not take the required steps to eradicate the threat and protect their computers.
