Hackers are Spreading “Adwind RAT” through Spam Emails!

Email attacks are very common nowadays. Hackers target victims by collecting their email addresses from social media accounts and other platforms. A new type of email scam has been detected by the Romanian security firm “Heimdal Security”. Hackers are sending a dangerous RAT (Remote Access Trojan) named “Adwind” to victims through email. It is a hard-coded RAT and undetectable by antivirus tools, so hackers are sending it as an attachment or in the form of malicious links.

What is Adwind RAT?

Adwind is a hard-coded Trojan that works as a backdoor on infected computers. It is capable of infecting all the major operating systems, including OS X, Windows, Android and Linux. Adwind is a dangerous threat and a cross-platform tool for hackers, because it can perform a number of functions at the same time. It is a Java-based RAT and was first detected by a security firm in February. This time it came with some new functions and scripts, which is why it is undetectable by antivirus tools. Other names for this RAT are Frutas, AlienSpy, Sockrat, KilerRat, Unrecom and jRAt.

Targets of this Insidious Threat?

According to the report from the security firm “Heimdal Security”, hackers started this campaign last weekend. At the moment, they are targeting only Danish companies, but soon they will target other countries too. Hackers are sending this RAT as an attachment with the extension “.jar”. The online malware detection platform “VirusTotal” is also not detecting this Trojan. The RAT's code is written in Java, so it can run on any operating system that supports the Java Runtime Environment.

How does it work?

When a victim downloads the attachment from the email or clicks on the malicious file, the RAT gains entry into the program files of the system. After that it generates a botnet, which is controlled by the hackers through the command and control server “jmcoru.alcatelupd[.]xyz”. This RAT allows APT groups to filter the important files of systems by using special types of scripts. It also allows the hackers to remotely control the system by using some special tools.

Hackers are not spreading this RAT widely in the wild. They are targeting victims slowly. The main reason behind this strategy is that it helps them stay undetected. It gives them more time to sit on the server and filter the important files and data of the infected system.
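Because the delivery described above relies on a “.jar” attachment and a known command and control host, a mail gateway can check for both. The following is an added example, not code from Heimdal Security or the original article: the function names and the sample message are constructed for illustration, and the check also catches a JAR that has been renamed to another extension.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# C2 host named in the article, written out only so it can be matched.
C2_HOST = "jmcoru.alcatelupd" + ".xyz"

def looks_like_jar(data: bytes) -> bool:
    """True if the bytes are a ZIP archive carrying a JAR manifest or classes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.upper() for n in zf.namelist()]
    return "META-INF/MANIFEST.MF" in names or any(n.endswith(".CLASS") for n in names)

def scan_message(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        if part.get_content_disposition() == "attachment" or name:
            payload = part.get_payload(decode=True) or b""
            if name.lower().endswith(".jar"):
                findings.append(f"jar-extension:{name}")
            elif looks_like_jar(payload):
                findings.append(f"jar-content:{name}")  # JAR hidden behind another extension
        elif part.get_content_maintype() == "text":
            if C2_HOST in part.get_content().lower():
                findings.append("c2-domain-in-body")
    return findings

def build_sample(filename: str, as_jar: bool, body: str = "Please see the attached file.") -> bytes:
    """Constructed sample message; the attachment is a harmless ZIP, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF" if as_jar else "notes.txt", "Manifest-Version: 1.0\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("invoice.pdf", as_jar=True)))
```
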

Some Security Tips for Users