silversurfer

Level 51
Verified
Trusted
Content Creator
Malware Hunter
Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads.

Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware solutions.

While the Adwind Trojan manages to avoid detection by some anti-malware solutions, sandbox- and behavior-based antivirus software should be capable of detecting and block it successfully.

This allows its operators to successfully compromise their targets' computers without raising suspicion, and perform a wide range of malicious tasks from stealing sensitive info like VPN certificates and credentials from Chrome, IE, and Edge to collecting and exfiltrating the victims' keystrokes.
Read more below: