The New Variant of LodaRAT Malware Hunts Down Android Users

A new espionage campaign revealed that the historic Windows rebel - The LodaRAT - is now targeting Android devices.

Android Malware
Android Malware

Similar to other viruses encountered by the human race, the technology world has its own set of viruses to fight against. And just like all viruses, they have variants that evolve to become more destructively advanced over time. One such case is the LodaRAT.

An ongoing campaign recently revealed that the historic Windows envy malware has a new variant that is being distributed to hunt down Android devices for spying purposes.

According to the researcher, not only is there a new variant for Android devices, there’s also an updated version for Windows systems that is being distributed simultaneously.

What’s New in the New Variant?

While the previous version of the LodaRAT malware specifically designed to steal user’s financial credentials targeting their bank accounts. The new variant is more of an all-rounder. It not only targets the user’s financial credentials but also invades and collects other user information such as phone numbers, addresses, emails and other passwords.

The fact that the threat group has evolved into hybrid campaigns targeting Windows and Android shows a group that is thriving and evolving,said researchers with Cisco Talos, on Tuesday.

But What is LodaRAT After All?

First discovered in 2016, LodaRAT is a Remote Access Trojan (RAT) that was programmed and designed to spy on users with certain targeted devices like Windows and Android. The malware successfully accessed various key components of the victim’s devices such as camera and microphone.

The RAT is written in AutoIT has appeared to be distributed by various cybercrime organizations around the world and the malware has gone through various version upgrades ever since it was released in September 2016 making it one of the most successful malware out there.

The New Variant of LodaRAT

Popularly known as the “Loda4Android” is the latest malware variant that the researchers are fascinated with. According to the researchers, the new variant of LodaRAT is “relatively simple when compared to other Android malware,

The LodaRAT is simpler particularly because the command-and-control (C2) structure for Android targeting is based on the same design sequence as the Windows version.

Researchers also described the LodaRAT to have “all the components of a stalker app” allowing the hackers to access location, record audio and video as well as take screenshots on the victim’s device.

Surprisingly, when the malware records audio calls, it only records what the victim (user of the targeted device) says, not the other party.