A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker’s espionage motives.
“The developers of LodaRAT have added Android as a targeted platform,” Cisco Talos researchers said in a Tuesday analysis. “A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities.”
Kasablanca, the group behind the malware, is said to have deployed the new RAT in an ongoing hybrid campaign targeting Bangladeshi users, the researchers noted.
The reason why Bangladesh-based organizations have been specifically singled out for this campaign remains unclear, as is the identity of the threat actor.
First documented in May 2017 by Proofpoint, Loda is an AutoIt malware typically delivered via phishing lures that’s equipped to run a wide range of commands designed to record audio, video, and capture other sensitive information, with recent variants aimed at stealing passwords and cookies from browsers.
The latest versions — dubbed Loda4Android and Loda4Windows — are a lot alike in that they come with a full set of…