silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,210
US petroleum industry entities are targeted by attackers with a new Adwind Remote Access Trojan (RAT) variant featuring multi-layer obfuscation and delivered via a malspam campaign designed to infect targets through malicious attachments or URL redirections to payloads.
Adwind (aka jRAT, AlienSpy, JSocket, and Sockrat) is a cross-platform (i.e., Windows, Linux, macOS) RAT provided by its developers to various threat actors under a malware-as-a-service (MaaS) model.
While the RAT can avoid being detected by some anti-malware solutions, behavior- and sandbox-based antivirus software should be capable of identifying and block it successfully.
"The majority of these campaigns are delivered through phishing emails. During our analysis of the campaign, we could not obtain the email samples; we could only retrieve the JAR malware samples," Netskope information security researcher Abhinav Singh told BleepingComputer.
New Adwind RAT Variant Used Against the US Petroleum Sector
US petroleum industry entities are targeted by attackers with a new Adwind Remote Access Trojan (RAT) variant featuring multi-layer obfuscation and delivered via a malspam campaign designed to infect targets through malicious attachments or URL redirections to payloads.
www.bleepingcomputer.com