Adwind RAT
July 11, 2017
Shah Sheikh

Adwind is a cross-platform Remote Access Trojan that can run on any operating system with Java installed. Its main targets are enterprises in the aerospace industry, and the affected countries include Switzerland, Ukraine, Austria and the US.

Adwind, aka AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket and jRat, is capable of infecting operating systems such as Windows, Mac, Linux and Android.

The capabilities of the malware include stealing credentials, keylogging, taking screenshots or pictures, gathering data and exfiltrating it. It is also capable of running DDoS attacks by turning the infected systems into botnets.

Trend Micro claims that the number of Adwind infections has increased dramatically, from 5,286 infections in January to 117,649 in June 2017.

The first occurrence of the infection was on June 7th, when a link was used to divert the victims to malware written in .NET and equipped with spyware capabilities. The second occurrence was on June 14th, when a different domain was used to host the malware. A social engineering tactic was used to lure the victims: the sender impersonated the chair of the Mediterranean Yacht Broker Association Charter Committee.

The best approach to such malware is to make sure that you do not open malicious or suspicious emails that include documents or links to external sources.