Recently observed massive campaign using Adwind Remote Access Tool (RAT) has attacked over 1,500 organisations in more than 100 countries and territories according to the researchers from Kaspersky Lab.
These attacks are spread across industries, Kaspersky says, that the consulting was hit the least(5%) retail followed by insurance and legal services (5%), followed by architecture and construction (9.5%), followed by shipping and logistics (5.5%), and followed by distribution sector with highest of (20.1%).
The backdoior, Adwind has been there for several years, and the Kaspersky said that it has managed to infect morethan 443,000 users between 2013 and 2016. Also known as the AlienSpy, Unrecom, Sockrat, Frutas, and jRAT, this malware has been associated with number of attacks, with the AlienSpy variant in April 2015 after a report on it was published.
The threat of this RAT is openly distributed in the form as a paid service, where any one can use the malicious program by paying a fee to the crooks. According to the Kaspersky, this is the main feature which distinguishes this Adwind RAT from all other commercial malware.
This is written in Java and malware is not restricted to a single platform. It can be used to target Linux, Windows, and even MacOS. It can run on other platforms which run Java, like Android. With the help of this threat, the crooks can steal passwords, log keystrokes, and other data from capture screenshots, web forms, transfer files, record audio and video,and steal a great deal of confidential information as well.
As part of the newly detailed campaign, the RAT is being distributed via emails supposedly coming from the HSBC Advising Service (from the mail.hsbcnet.hsbc.com domain), purporting that payment advice has been included in an attachment. Although detailed only now, the activity of this email domain has been tracked back to 2013, Kaspersky Lab researchers say.
The article “Adwind RAT Campaign Hits Organizations Worldwide: Kaspersky” was originally posted on Securityweek.