Loda RAT

Loda RAT Description

The Loda RAT is a RAT (Remote Access Trojan) that has been operating for three years; malware analysts first spotted it back in 2017. The Loda RAT is a rather simple RAT, but that does not mean it cannot get the job done. This Trojan is written in the AutoIt programming language, which is rather unusual. Once the Loda RAT compromises a system, it is able to perform a rather long list of tasks.

The Loda RAT appears to mainly target users in the United States, Central America, and South America. The creators of the Loda RAT propagate it via bogus emails that direct users to a link that launches a fake page belonging to the attackers. This page hosts various macro-laced documents that are designed to target a known vulnerability, CVE-2017-11882. Upon infecting the targeted computer, the Loda RAT establishes a connection with the C&C (Command & Control) server of its operators.


Once the Loda RAT successfully connects to the C&C server, it awaits commands from the attackers. The Loda RAT can collect information like passwords and login credentials. Apart from collecting login credentials, the Loda RAT can also:

  • Take screenshots of the user’s desktop and active windows.
  • Launch a keylogger that will collect keystrokes.
  • Use the victim’s microphone to record audio.

Recently, the creators of the Loda RAT have updated this Trojan to include several self-preservation features. The Loda RAT code has been obfuscated to avoid detection by anti-malware tools. The code obfuscation also makes it more difficult for cybersecurity researchers to study the threat. The Loda RAT can also scan the running processes on the compromised system and detect whether there is an anti-virus application running. The Loda RAT gains persistence on the compromised computer by using two common tricks:

  • It uses the Windows Task Scheduler to ensure that its components will start with Windows.
  • It inserts a new autorun Windows Registry Key that commands Windows to execute Loda RAT on launch.
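
One way to review the two persistence locations named above on a Windows host, as an added example that is not part of the original page and not taken from any Loda RAT analysis: the PowerShell below lists autorun registry values and scheduled-task actions and flags commands that reference AutoIt or run from user-writable directories. The registry paths are the standard Windows Run/RunOnce keys; the flagging patterns and the `Test-SuspectCommand` helper are assumptions chosen for illustration, not indicators from this page.

```powershell
# Added example: audit the two autostart locations described above.
# The patterns are illustrative assumptions, not Loda RAT indicators.
$suspectPattern = @(
    '\\AppData\\', '\\Temp\\', '\\Users\\Public\\', '\\ProgramData\\',  # user-writable paths
    '%appdata%', '%temp%', '%public%',                                # unexpanded variables
    'autoit', '\.a3x\b', '\.au3\b'                                     # AutoIt interpreter or scripts
) -join '|'

function Test-SuspectCommand([string]$Command) {
    # -match is case-insensitive by default
    return $Command -match $suspectPattern
}

$findings = @()

# 1. Autorun registry values (per-user and machine-wide Run/RunOnce keys)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }            # key absent on this host
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $findings += [pscustomobject]@{
            Source = 'Registry'; Location = "$key\$name"
            Command = $cmd; Flagged = (Test-SuspectCommand $cmd)
        }
    }
}

# 2. Scheduled tasks: only exec actions carry a command line
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM handler actions
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        $findings += [pscustomobject]@{
            Source = 'Task'; Location = "$($task.TaskPath)$($task.TaskName)"
            Command = $cmd; Flagged = (Test-SuspectCommand $cmd)
        }
    }
}

# Flagged entries first; a flag is a prompt for manual review, not a verdict
$findings | Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so machine-wide keys and tasks owned by other accounts are visible; legitimate software also starts from these locations, so each flagged entry still needs to be checked against its file on disk.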

Despite the fact that the Loda RAT is a rather simple Trojan, it is fully capable of causing a lot of damage to the compromised PC. If you want to keep your system safe from threats like the Loda RAT, we would advise you to consider investing in a reputable anti-virus software suite.