LTS Secure Warning: New Variant of Loda RAT Being Delivered in New Malware Campaign

Loda, which dates back to 2017, is an elementary yet very effective RAT that has matured over time. It is a perfect example of how effective simple techniques can be once they are combined with basic obfuscation.

 

Technical Details

The attack begins with a phishing email delivered to the victim, posing as something that requires immediate attention. The email contains a document whose purpose is to point to another document in Rich Text Format (RTF), which contains an obfuscated OLE object. The object leverages the CVE-2017-11882 (Windows Office Execution) vulnerability to download and execute the MSI file containing the Loda RAT.
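As a triage aid for the RTF stage described above, the following added example (not part of the original advisory) decodes each `\objdata` group of an RTF file despite whitespace, mixed-case hex and padding groups, and flags objects that reference Equation Editor, the Office component affected by CVE-2017-11882. The function names and the sample document are constructed for this illustration; it is a heuristic, not a full RTF parser.

```python
import re

# Equation Editor is the Office component affected by CVE-2017-11882.
EQN_CLASS = b"equation.3"  # OLE1 class name, matched case-insensitively
# CLSID {0002CE02-0000-0000-C000-000000000046} in its on-disk byte order
EQN_CLSID = bytes.fromhex("02ce020000000000c000000000000046")

def objdata_blobs(rtf: bytes):
    """Yield the decoded bytes of each \\objdata destination in an RTF file."""
    for m in re.finditer(rb"\\objdata", rtf):
        depth, i, body = 0, m.end(), bytearray()
        while i < len(rtf) and depth >= 0:   # stop when the enclosing group closes
            c = rtf[i:i + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                depth -= 1
            elif depth == 0:                 # skip nested groups (common padding)
                body += c
            i += 1
        text = re.sub(rb"\\[a-zA-Z]+-?\d* ?", b"", bytes(body))  # drop control words
        hexchars = re.sub(rb"[^0-9a-fA-F]", b"", text)           # drop whitespace/junk
        hexchars = hexchars[: len(hexchars) // 2 * 2]            # keep whole bytes
        yield bytes.fromhex(hexchars.decode("ascii"))

def equation_editor_hits(rtf: bytes):
    """Return (object index, reason) for each object that references Equation Editor."""
    hits = []
    for n, blob in enumerate(objdata_blobs(rtf)):
        if EQN_CLASS in blob.lower():
            hits.append((n, "class name Equation.3"))
        if EQN_CLSID in blob:
            hits.append((n, "Equation Editor CLSID"))
    return hits

def build_sample() -> bytes:
    """Constructed, inert RTF: an OLE1 header naming Equation.3 and no payload."""
    hx = (bytes.fromhex("01050000" "02000000" "0b000000") + b"Equation.3\x00").hex()
    # Constructed obfuscation: line break, padding group, stray control word, mixed case
    obf = hx[:7] + "\r\n" + hx[7:20] + "{\\*\\pad ff}\\par " + hx[20:].upper()
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + obf.encode("ascii") + b"}}}"

if __name__ == "__main__":
    print(equation_editor_hits(build_sample()))
```

A hit means the document embeds an Equation Editor object and deserves closer inspection; it does not by itself prove exploitation.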

 

Impact

  • Logs the user’s keystrokes.
  • Collects user and system information.
  • Takes screenshots of the desktop.
  • Launches and closes processes.
  • Steals sensitive/confidential information such as login credentials for banking sites, cookies, etc.

 

Recommended Actions

  • Never download suspicious attachments or click on shady-looking links. Make an effort to educate your users on how to identify malspam.
  • Ensure that your devices are always up-to-date with the latest patches released.
  • Always update your anti-virus software with the latest releases.
  • Periodically run a “full system scan” on your endpoints.