Recent research shows that Adwind is back. The cross-platform Remote Access Trojan is known by multiple names, including AlienSpy, jFrutas, Frutas, Unrecom, JSocket, Sockrat, and jRat. Avoiding the malware is rather difficult, as it can infect major operating systems, including Linux, Windows, Mac, and Android.
Adwind comes fully prepared, with various malicious capabilities. These include, but are not limited to, keylogging, stealing credentials, collecting sensitive data, and taking screenshots. The malware is also able to use compromised machines as botnets to pull off DDoS attacks.
The two waves
Experts from Trend Micro found that Adwind infections rose by 107 percent in June 2017.
Published on Tuesday 11, 2017, a blog post mentioned two occasions on which the spam campaigns unfolded.
The first wave took place on June 7, 2017. Cybercriminals rerouted victims to .NET-written malware, which also had spyware capabilities. The second one occurred a week later, on June 14, 2017. The attackers used domains, which hosted malware, as well as command-and-control servers.
The attackers lured their victims into following malicious links, which were included in a spam email imitating the chair of the Mediterranean Yacht Broker Association (MYBA) Charter Committee. The malware then collected the system's fingerprints as well as the list of firewall applications and antivirus software.
As the researchers mentioned, the malware is able to “perform reflection, a dynamic code generation in Java. The latter is a particularly useful feature in Java that enables developers/programmers to dynamically inspect, call, and instantiate attributes and classes at runtime. In cybercriminal hands, it can be abused to evade static analysis from traditional antivirus (AV) solutions.”
One of the best ways to ensure your protection is staying cautious of suspicious emails and never following any unverified links. Plus, regularly updating your antivirus software could also reduce the chance of falling victim to the rising threat.