
Loda RAT

Posted: February 13, 2020

The Loda RAT is a fairly simple Remote Access Trojan (RAT) that has been active since 2017, and its code has been updated several times over the last three years. One of its unusual traits is that it is written in AutoIT, a basic scripting language that is rarely used for malware development. Despite that, the Loda RAT is a fully finished Trojan that lets its operators carry out a large number of tasks on compromised computers. If the victims have not taken the necessary measures to secure their accounts and computers, the Loda RAT may give attackers full administrator access to the hacked machine.

One of the latest campaigns involving the Loda RAT targets computers in Central America, South America and the United States. The attacks rely on phishing emails that ask recipients to follow a link to a corrupted page set up by the attackers. That page hosts macro-laced Microsoft Office documents meant to exploit the CVE-2017-11882 vulnerability in order to fetch and run the payload from a remote source.

The Loda RAT's Developers Focus on Anti-Virus Evasion and Code Obfuscation Features

After the Loda RAT initializes, it connects to a remote control server and waits for the attacker's commands. The threat can collect login credentials and passwords from the compromised host; other notable features are its ability to grab screenshots, log keystrokes, and even use an attached microphone to record sound.

The latest versions of the Loda RAT place more emphasis on code obfuscation and anti-virus evasion: the threat scans the compromised Windows machine for processes and executable files associated with popular anti-virus software. Its code is heavily obfuscated, which helps it evade low-quality anti-virus engines and makes it harder to reverse engineer and analyze. For persistence, the Loda RAT creates a new scheduled task and inserts a new key in the Windows Registry.
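The two facts above that a defender can act on are the persistence locations (a scheduled task and a Registry key) and the implementation language (AutoIt). The following triage helper, added here as an illustration and not part of the original write-up or any vendor tooling, takes exported persistence entries (Run-key values and scheduled-task actions), extracts the program each one launches, and flags programs that are compiled AutoIt executables or that live in user-writable directories. The persistence entries and file contents are constructed samples; the only real indicator used is the `AU3!EA06` string that compiled AutoIt v3 executables embed ahead of their script payload. The function and constant names are this example's own.

```python
"""Triage persistence entries for AutoIt-compiled executables (added example).

Assumptions (all constructed for this example):
- SAMPLE_PERSISTENCE mimics what a collector would export from the Run keys
  and the Task Scheduler: a label and the command line each entry runs.
- SAMPLE_FILES stands in for reading those programs from disk.
- AUTOIT_MARKER is the public marker found in compiled AutoIt v3 binaries.
"""
from typing import Callable, Dict, List, Optional, Sequence, Tuple

AUTOIT_MARKER = b"AU3!EA06"

# Directory fragments that ordinary users can write to; a launcher pointing
# here is not proof of malice (OneDrive lives in AppData), just a signal.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed persistence entries: (label, command line as exported).
SAMPLE_PERSISTENCE: List[Tuple[str, str]] = [
    ("HKCU Run: OneDrive", r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Task: Updater", r'"C:\Users\victim\AppData\Roaming\updater.exe"'),
    ("Task: AdobeARM", r'"C:\Program Files\Adobe\ARM\1.0\AdobeARM.exe"'),
]

# Constructed file contents: a PE header stub, with the AutoIt marker only
# in the second file.
SAMPLE_FILES: Dict[str, bytes] = {
    r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe": b"MZ\x90\x00" + b"\x00" * 64,
    r"C:\Users\victim\AppData\Roaming\updater.exe": b"MZ\x90\x00" + b"\x00" * 32 + AUTOIT_MARKER + b"\x00" * 8,
    r"C:\Program Files\Adobe\ARM\1.0\AdobeARM.exe": b"MZ\x90\x00" + b"\x00" * 64,
}


def executable_path(cmdline: str) -> str:
    """Return the program a Windows command line launches.

    Handles the two common shapes: a double-quoted path (possibly followed by
    arguments) and a bare first token.
    """
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end != -1 else cmdline[1:]
    return cmdline.split()[0] if cmdline else ""


def is_autoit_compiled(data: Optional[bytes]) -> bool:
    """True when the bytes look like a PE image carrying an AutoIt script."""
    return bool(data) and data[:2] == b"MZ" and AUTOIT_MARKER in data


def in_user_writable_location(path: str) -> bool:
    """True when the path sits under a directory normal users can write to."""
    lowered = path.lower()
    return any(hint in lowered for hint in USER_WRITABLE_HINTS)


def disk_reader(path: str) -> Optional[bytes]:
    """Real reader for use on a live host; returns None if the file is missing."""
    try:
        with open(path, "rb") as handle:
            return handle.read()
    except OSError:
        return None


def triage(
    entries: Sequence[Tuple[str, str]],
    read_file: Callable[[str], Optional[bytes]],
) -> Dict[str, List[str]]:
    """Map each suspicious entry label to the reasons it was flagged.

    Entries with no reasons are omitted, so an empty dict means nothing stood out.
    """
    findings: Dict[str, List[str]] = {}
    for label, cmdline in entries:
        path = executable_path(cmdline)
        reasons: List[str] = []
        if is_autoit_compiled(read_file(path)):
            reasons.append("autoit-compiled")
        if in_user_writable_location(path):
            reasons.append("user-writable-path")
        if reasons:
            findings[label] = reasons
    return findings


if __name__ == "__main__":
    # Offline run over the constructed samples; swap in disk_reader on a host.
    for label, reasons in triage(SAMPLE_PERSISTENCE, SAMPLE_FILES.get).items():
        print(f"{label}: {', '.join(reasons)}")
```

The point the sample data makes is that path heuristics alone produce noise (OneDrive is flagged for living in AppData), while the AutoIt marker combined with a user-writable launch path is the combination worth pulling for analysis. On a live host, replace `SAMPLE_PERSISTENCE` with the output of your Run-key and Task Scheduler export and pass `disk_reader` instead of `SAMPLE_FILES.get`.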

While the Loda RAT is not among the most advanced Trojans used by cybercriminals, it is being improved slowly, with more features added and detection made more difficult. Its credential-collecting capabilities make it a high-level threat, and victims are likely to suffer significant financial and data loss if they do not take the required steps to eradicate it and protect their computers.
