"LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities"

LodaRAT malware has resurfaced with new variants that are being used in tandem with other malware, such as RedLine Stealer and Neshta. According to Cisco Talos researcher Chris Neal, the ease of access to LodaRAT's source code makes it an appealing tool for any threat actor interested in its capabilities. LodaRAT has been observed being delivered via a previously unknown variant of another commodity Trojan called Venom RAT, codenamed S500, in addition to being dropped alongside other malware families. LodaRAT is an AutoIT-based malware associated with the Kasablanca group and can harvest sensitive information from compromised machines. In February 2021, an Android version of the malware appeared, allowing threat actors to broaden the range of devices they can target. Then, in September 2022, Zscaler ThreatLabz discovered a new delivery mechanism involving the use of Prynt Stealer, an information stealer. According to Cisco Talos' latest findings, altered variants of LodaRAT have been detected in the wild with updated functionality, allowing it to spread to every attached removable storage device and to detect running antivirus processes. The revamped antivirus-detection routine is also considered ineffective because it only matches an explicit list of 30 different process names associated with various cybersecurity vendors, so any security product whose process name is not on that list will be missed. This article continues to discuss the resurfacing of the LodaRAT malware with new variants.

THN reports "LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities"
