Adwind RAT is Back, Infected 1500 Organizations Worldwide

The Adwind RAT (Remote Access Tool) is not a new name in the IT industry. It is the same RAT that was hijacking victims' computers in July 2016, when 4.5 lakh users were targeted. The hackers were spreading it through various types of spam email. Its authors wrote the code in Java, and it is undetectable by antivirus tools. Adwind RAT goes by many other names, such as AlienSpy, Unrecom, jRat, Frutas, KillerRat and Sockrat. The well-known IT security company Kaspersky Lab has released a report warning the industry that hackers are running a massive Adwind RAT campaign. More than 1500 organizations in 100 countries are victims of this campaign.

The Most Affected Industries

Legal Services and Insurance (5%)

Construction and Architecture (9.5%)

Consulting (5%)

Shipping and Logistics (5.5%)

Retail (20.1%)

The Most Affected Countries

United Kingdom

Lebanon

Mexico

Malaysia

Germany

Russia

UAE (United Arab Emirates)

Turkey

Kazakhstan

Hong Kong

The countries listed above account for 40% of the victims of this latest Adwind RAT campaign.

How Does Adwind RAT Work?

This hard-coded malware is in fact a backdoor. Once the victim installs it on the system, Adwind RAT can hide from antivirus tools. It creates a botnet in the program files of the system, which the hackers control through command and control servers. Generally, it arrives in a .ZIP file. Adwind RAT can hijack all types of operating system, including Windows, Linux and Mac OS X. The hackers can perform malicious operations on the hijacked system, take complete control of it and steal all of the victim's sensitive data. The most worrying thing about this RAT is that it is available on forums as a paid service. Anyone can buy it to carry out malicious activities against particular targets.

How Are Hackers Targeting Victims?

According to Kaspersky Lab, the hackers are sending spam emails in the name of HSBC bank. They try to appear legitimate by sending “Payment Advising Service” emails. Along with the email they send an attachment, which is in fact Adwind RAT. When the user clicks on that attachment, the .exe file of Adwind RAT is executed and it installs itself in the program files of the system. The hackers are using the “mail.hsbcnet.hsbc.com” domain to send these emails.

This is just one example; the hackers could also send other types of email tailored to the interests of the victim. Social engineering matters a lot in this type of attack. Suppose you have an account on Facebook and your email address is visible to everyone. A hacker could visit your profile and see which pages and groups you have joined. If you are an online shopper, the hacker could send you a spam email that looks like a discount coupon.

Some Security Tips

Avoid emails from unknown senders, especially those that contain an attachment with a “.jar” extension.

Read the complete email first, and only then click on the attachment. Hackers do not care about typos. If you notice multiple typos, it could be a malicious email.

Don’t share all of your personal information on social media. Hackers could target you by observing your interests.

Be cyber aware and read our blogs to learn about campaigns of this type.
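The “.jar” tip above can be automated at a mail gateway. The following is an added example, not part of the original article: it flags “.jar” attachments in a raw message, including ones renamed to another extension or packed inside a ZIP, the delivery form mentioned earlier. The sample message, addresses and file names are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = ".jar"  # extension named in the security tip above

def zip_names(data: bytes) -> list[str]:
    """Member names if data is a readable ZIP archive, else an empty list."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []

def risky_attachments(raw: bytes) -> list[str]:
    """List .jar attachments: sent directly, renamed, or packed inside a ZIP."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        names = zip_names(part.get_payload(decode=True) or b"")
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"{name}: .jar attachment")
        elif "META-INF/MANIFEST.MF" in names:
            # A JAR is a ZIP with a manifest, whatever the file is called.
            findings.append(f"{name}: JAR content under another name")
        else:
            for inner in names:
                if inner.lower().endswith(RISKY_EXT):
                    findings.append(f"{name} -> {inner}: .jar inside ZIP")
    return findings

def build_sample() -> bytes:
    """Constructed sample: a ZIP holding a harmless text file named like a JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payment_Advice.jar", "placeholder text, not a real archive")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Payment Advice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="advice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```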
