LodaRAT, a Windows remote access trojan (RAT) capable of stealing credentials, is expanding its scope and has started targeting Android devices.
According to the security researcher, the malware's developers have started targeting the Android platform. A new version of LodaRAT for Windows has also been detected, updated with improved features that include sound recording and more.
The researcher added that the group behind the attack is named Kasablanca and has used the new RAT in an ongoing campaign targeting Bangladeshi users. Why the attackers are targeting Bangladeshi organizations is still unclear.
How Did This Start?

Loda was first documented by Proofpoint in May 2017. It is AutoIt malware, typically delivered through phishing, that supports a large range of commands and is designed to record audio and video and to collect other confidential information, including passwords and cookies stolen from web browsers.
The updated Loda4Android and Loda4Windows are alike in that both come with a set of data-gathering features that make up a stalker application. The Android malware differs, however, in that it avoids techniques used by banking viruses, such as abusing the Accessibility APIs to record on-screen activity.
Apart from that, the same command-and-control infrastructure is used for both Android and Windows. The attacks originated in October 2020 and targeted multiple banks and carrier-grade software vendors, with indications pointing to a malware writer based in Morocco.
The attackers also used a myriad of social engineering tricks, ranging from squatted domains to malicious RTF documents embedded in emails. Opening such a document triggers an infection chain that exploits a memory corruption vulnerability in Microsoft Office, CVE-2017-11882, to download the final payload.
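For triage of RTF attachments like those described above, the following added example (not code from the researchers or from the campaign) flags RTF files that embed an Equation Editor object, the Office component in which CVE-2017-11882 resides. The function names and the sample bytes are constructed for illustration, and a hit means "inspect further", not a confirmed exploit.

```python
import re

# Markers of an embedded Equation Editor OLE object.
EQUATION_PROGID = b"equation.3"
# CLSID {0002CE02-0000-0000-C000-000000000046} as stored on disk (little-endian).
EQUATION_CLSID = bytes.fromhex("02ce020000000000c000000000000046")

OBJDATA = re.compile(rb"\\objdata([^{}]*)", re.IGNORECASE)
CONTROL_WORD = re.compile(rb"\\[a-zA-Z]+-?\d* ?")


def decode_objdata(blob: bytes) -> bytes:
    """Hex-decode an \\objdata payload. Control words, whitespace and other
    non-hex bytes are dropped first, because RTF readers skip them and
    they are often used to break naive string matching."""
    blob = CONTROL_WORD.sub(b"", blob)
    hexchars = re.sub(rb"[^0-9a-fA-F]", b"", blob)
    if len(hexchars) % 2:
        hexchars = hexchars[:-1]  # drop a dangling nibble
    return bytes.fromhex(hexchars.decode("ascii"))


def scan_rtf(data: bytes) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Match on "{\rt" only: a full "{\rtf1" header is not always present.
    if not data.lstrip().lower().startswith(b"{\\rt"):
        return findings
    for match in OBJDATA.finditer(data):
        payload = decode_objdata(match.group(1))
        if EQUATION_PROGID in payload.lower():
            findings.append("objdata: Equation.3 class name")
        if EQUATION_CLSID in payload:
            findings.append("objdata: Equation Editor CLSID")
    if re.search(rb"\\objclass\s+equation\.3", data, re.IGNORECASE):
        findings.append("objclass: Equation.3")
    return findings


# Constructed samples: an OLE 1.0 header naming "Equation.3", with the hex
# split by whitespace and a line break, and a plain benign document.
SAMPLE = (b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105000002000000\r\n0b000000"
          b"4571 7561 7469 6f6e 2e33 00 00000000}}}")
BENIGN = b"{\\rtf1 Hello {\\b world}}"

if __name__ == "__main__":
    print(scan_rtf(SAMPLE))
    print(scan_rtf(BENIGN))
```

The check is a heuristic: it does not follow nested groups inside `\objdata`, so heavier obfuscation needs a real RTF object parser.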
What Are Its Capabilities?
This updated version of the malware can capture photos and screenshots, read call logs and SMS messages, send SMS messages, place calls to specific numbers, and may intercept phone calls or messages. The latest Windows counterpart adds new commands, one enabling remote access to targeted machines through Remote Desktop Protocol and another, the Sound command, which uses the BASS audio library to record from a connected microphone.
The security researcher also said that the group has evolved to hybrid campaigns targeting both Windows and Android, showing a group that is thriving and evolving.
He added that the group's hybrid campaign and its focus on specific targets indicate more mature execution capabilities.