Hackers and cyber criminals are becoming dramatically more adept, innovative, and stealthy with each passing day.
Cybercriminals have shifted from traditional methods to more clandestine techniques that offer limitless attack vectors, low detection rates, and cross-platform support.
Cybersecurity researchers have found that the infamous Adwind, a popular cross-platform remote access trojan written in Java, has emerged once again. It is currently being used to “target enterprises in the aerospace industry, with Switzerland, Austria, Ukraine, and the US the most affected countries.”
Adwind is also known as Frutas, jFrutas, Unrecom, Sockrat, Jsocket and jRat. It has been in development since 2013 and is capable of infecting all major operating systems: Windows, Mac, Linux and Android.
Stealing credentials, keylogging, taking pictures or screenshots, data gathering and data exfiltration are among the malicious capabilities of Adwind. The Trojan can also turn infected machines into a botnet that is abused to disrupt online services by carrying out DDoS attacks.
Recently, researchers from Trend Micro noticed a sudden rise in the number of Adwind infections during June of 2017. In June alone, 117,649 instances were found, which is 107 percent more than the previous month.
According to a blog post published today, the malware was noticed on two different occasions.
The first was observed on the 7th of June. A link was used to divert victims to the attackers' .NET-written malware, which is equipped with spyware capabilities. The second was noticed a week later and used different domains to host the malware and the command-and-control servers.
Both waves used a similar social engineering tactic to trick victims into clicking the malicious links within a spam email that impersonated the chair of the Mediterranean Yacht Broker Association Charter Committee.
Once a machine is infected, the malware can collect the system’s fingerprints and get a list of installed antivirus and firewall applications.
To remain protected from such malware, always be suspicious of unsolicited documents sent over email, and never click on links inside those documents without verifying the source.
Additionally, keep your systems and antivirus products up to date in order to protect against the latest threats.