Loda RAT

Loda RAT Description

The Loda RAT is a Remote Access Trojan (RAT) that malware analysts first spotted in 2017 and that has been operating for three years. It is a rather simple RAT, but that does not mean it cannot get the job done. This Trojan is written in the AutoIt programming language, which is rather unusual. Once the Loda RAT compromises a system, it is able to perform a rather long list of tasks.

The Loda RAT appears to target mainly users in the United States, Central America, and South America. Its creators propagate it via bogus emails that direct users to a link, which launches a fake page belonging to the attackers. This page hosts various macro-laced documents that are designed to target a known vulnerability, CVE-2017-11882. After infecting the targeted computer, the Loda RAT establishes a connection with the C&C (Command & Control) server of its operators.

Capabilities

Once the Loda RAT connects to the C&C server successfully, it awaits commands from the attackers. The Loda RAT can collect information like passwords and login credentials. Apart from collecting login credentials, the Loda RAT can also:

  • Take screenshots of the user’s desktop and active windows.
  • Launch a keylogger that will collect keystrokes.
  • Use the victim’s microphone to record audio.

Recently, the creators of the Loda RAT have updated this Trojan to include several self-preservation features. The Loda RAT code has been obfuscated to avoid detection by anti-malware tools. The code obfuscation also makes it more difficult for cybersecurity researchers to study the threat. The Loda RAT can also scan the running processes on the compromised system and detect whether an anti-virus application is running. The Loda RAT gains persistence on the compromised computer by using two common tricks:

  • It uses the Windows Task Scheduler to ensure that its components will start with Windows.
  • It inserts a new autorun Windows Registry Key that commands Windows to execute Loda RAT on launch.
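
Both persistence locations can be reviewed from exported text. The following is an added example, not code from the original page: it parses the output of `reg query` on a Run key and of `schtasks /query /fo csv /v`, and flags entries that start from user-writable folders or launch AutoIt scripts. The heuristics, sample names and paths are assumptions constructed for illustration, not published Loda indicators, and the sample CSV keeps only a subset of the verbose columns.

```python
import csv
import io
import re

# Assumed heuristics (not published Loda indicators): autoruns that start from
# user-writable folders, or that run AutoIt scripts / the AutoIt interpreter.
USER_WRITABLE = re.compile(r"\\(appdata\\roaming|appdata\\local\\temp|users\\public)\\", re.I)
AUTOIT = re.compile(r"autoit3(_x64)?\.exe|\.(a3x|au3)\b", re.I)
# One value line of `reg query`: 4 spaces, name, 4 spaces, type, 4 spaces, data.
RUN_VALUE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<cmd>.+)$")

def reasons(command):
    """Return the list of heuristic reasons a command line looks suspicious."""
    found = []
    if USER_WRITABLE.search(command):
        found.append("user-writable path")
    if AUTOIT.search(command):
        found.append("AutoIt script or interpreter")
    return found

def audit_run_key(reg_query_text):
    """Parse `reg query <...\\Run>` output; return flagged (name, command, reasons)."""
    hits = []
    for line in reg_query_text.splitlines():
        m = RUN_VALUE.match(line)
        if m and reasons(m["cmd"]):
            hits.append((m["name"], m["cmd"], reasons(m["cmd"])))
    return hits

def audit_tasks(schtasks_csv):
    """Parse `schtasks /query /fo csv /v` output; return flagged tasks."""
    hits = []
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        cmd = row.get("Task To Run", "")
        if reasons(cmd):
            hits.append((row["TaskName"], cmd, reasons(cmd)))
    return hits

# Constructed sample data (names and paths are invented for the example).
SAMPLE_RUN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\upd\helper.exe
"""
SAMPLE_TASKS = r'''"HostName","TaskName","Status","Task To Run"
"PC1","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","%windir%\system32\defrag.exe -c -h -o"
"PC1","\SyncHelper","Ready","C:\Users\Public\AutoIt3.exe C:\Users\Public\sync.a3x"
'''

if __name__ == "__main__":
    for name, cmd, why in audit_run_key(SAMPLE_RUN) + audit_tasks(SAMPLE_TASKS):
        print(f"{name}: {cmd} ({', '.join(why)})")
```

A flagged entry is a lead for review rather than a verdict, since legitimate software also starts from user profile folders.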

Despite the fact that the Loda RAT is a rather simple Trojan, it is fully capable of causing a lot of damage to the compromised PC. If you want to keep your system safe from threats like the Loda RAT, we would advise you to consider investing in a reputable anti-virus software suite.
