Adwind is a cross-platform RAT, it is able to infect all the major operating systems, including Windows, Mac, Linux, and Android.
Once the Adwind RAT has infected a computer it can recruit it into a botnet for several illegal purposes (i.e. DDoS attacks, brute-forcing attacks).
Malware researchers from Trend Micro observed a spike in the number of Adwind infections in June 2017, an increase of 107 percent compared to the previous month.
The Adwind RAT implements many features, including stealing credentials, keylogging, taking screenshots and pictures, data gathering and data exfiltration.
The malicious campaign was noticed on two different waves, the first one on June 7 and used a link to divert victims to a .NET-written malware equipped with spyware capabilities, while the second one on June 14 and crooks used different domains hosting their malware and C&C servers.
Both attacks leveraged spam emails that impersonate the chair of the Mediterranean Yacht Broker Association (MYBA) Charter Committee.
Once infected, the malicious code gathers information on the victims, including the list of installed antivirus and firewall applications.
“Based on jRAT-wrapper’s import header, it appears to have the capability to check for the infected system’s internet access.” continues the analysis. “It can also perform reflection, a dynamic code generation in Java. The latter is a particularly useful feature in Java that enables developers/programmers to dynamically inspect, call, and instantiate attributes and classes at runtime. In cybercriminal hands, it can be abused to evade static analysis from traditional antivirus (AV) solutions.”
Considering that the main infection vector for the Adwind RAT are spam messages, users have to be suspicious of unsolicited messages containing documents or links. Never open a document or click on links inside those emails if you haven’t verified the source.
As usual, keep your systems and antivirus products up-to-date.
(Security Affairs – Adwind RAT, cybercrime)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.