Threat actors have been actively employing Loda, a remote access trojan (RAT) written in AutoIt, an accessible scripting language for automating Windows tasks.
In addition to keylogging, taking pictures, and stealing passwords and other sensitive information, the malware may deliver various harmful payloads.
The most frequent attack method used to infect victims’ systems with Loda is phishing email campaigns, which have been used since 2016.
The Kasablanka group, an advanced persistent threat (APT) from Morocco that often released new versions of the malware, appears to have been the original developer of Loda.
Other threat actors also use the malware, such as YoroTrooper, which has used a Loda malware variant to attack numerous organizations globally, with the most recent attacks starting as early as 2023.
Targeting mostly hospitality companies in Europe and North America, TA558 is another APT that uses Loda in its harmful…