14 matches found
LodaRAT: Established Malware, New Victim Patterns
Executive Summary: Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool (RAT) written in AutoIt. Development of...
YoroTrooper Stealing Credentials and Information from Government and Energy Organizations
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials...
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities,"...
Threat Source newsletter (Nov. 17, 2022): Hot off the press! The Snort 2023 Calendar is here
Welcome to this week's edition of the Threat Source newsletter. It's everyone's favorite time of year again and no, I don't mean the impending holidays. The Snort 2023 calendar is finally here, and y'all, it's a good one. Packed full of classic memes and punny Snorties, the calendar is sure to delight...
Get a Loda This: LodaRAT meets new friends
LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality that have been seen in the wild. Changes in these LodaRAT variants include new functionality allowing...
Talos Takes Ep. #49: LodaRAT keeps growing....and growing
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Chris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on... Th...
Threat Source newsletter (Feb. 11, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal user’s credentials and monitor things like their phone calls and...
LodaRAT Windows malware now hunting Android devices
By Deeba Ahmed. Dubbed LodaRAT, the trojan was equipped with credential-stealing capabilities earlier, but now it is eyeing Android users. This is a post from HackRead.com. Read the original post: LodaRAT Windows malware now hunting Android devices...
LodaRAT Windows Malware Now Also Targets Android Devices
A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos...
LodaRAT Windows Malware Now Also Targets Android Devices
A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos...
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
By Warren Mercer, Chris Neal and Vitor Ventura. The developers of LodaRAT have added Android as a targeted platform. A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. The operators behind LodaRAT tied to a specific campaign targeting Bangladesh,...
Android Devices Hunted by LodaRAT Windows Malware
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both...
Threat Source newsletter for Oct. 1, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we’ve covered what disinformation, otherwise known as “fake news,” is and who spreads it. Now, we’re diving into why it works, and why it’s so easy for people to spread. Check out our full paper here to gain a lot of...
LodaRAT Update: Alive and Well
By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild. These new versions of LodaRAT abandoned their previous obfuscation techniques. Direct...