Security News Adwind Malware Targets 1,500 Organizations from 100 Countries

Exterminator

Adwind Remote Access Tool is being put to use again in an attack against over 1,500 organizations in 100 countries and territories.

According to Kaspersky Lab, the attacks impact various industrial sectors, with retail and distribution accounting for 20% of the organizations affected. Organizations working in the architecture and construction sector account for 9.5% of attacks, shipping and logistics for 5.5%, and insurance and legal services, as well as consulting, for 5% each.

It seems that victims of Adwind receive emails that are spoofed to look like they come from HSBC Advising Service, using mail.hsbcnet.hsbc.com as a domain. The message contains payment advice in an attachment, which turns out to contain a malware sample instead.

The ZIP file, if opened, reveals a JAR file. The malware quickly self-installs and attempts to communicate with the C&C server, allowing attackers to gain almost complete control over the compromised device. Mostly, they use this backdoor to steal confidential information.

Attack goes global
Kaspersky's data shows that about 40% of all attacks target organizations in the following ten countries - Malaysia, the United Kingdom, Germany, Lebanon, Turkey, Hong Kong, Kazakhstan, United Arab Emirates, Mexico and the Russian Federation.

"According to Kaspersky Lab researchers, since the victims include a high proportion of businesses, criminals could use industry-specific mailing list to target their attacks. Considering the number of detections, they were focused on attack scale and outreach, rather than on sophisticated technology," the announcement reads.

The Adwind Remote Access Tool (RAT) is a cross-platform multifunctional malware program that's also known under several other names, including AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat. The malicious program is used commercially, meaning that attackers have to pay to distribute their malware.

Between 2013 and 2016, Kaspersky estimates that Adwind malware has been used in attacks against at least 443,000 private users around the world.
 

Paul123

With the Cloudbleed incident too, it's a bad day for security
 