
Adwind RAT resurfaces again, relies on another malware for infection

  • It now comes as a variant that uses different payloads and spreads mainly through JAR files.
  • In this campaign, the infamous VBS-based worm Houdini is leveraged to infect computer systems.

Adwind, a well-known multifunctional malware program that made news in late 2017, has sprung back. A report by McAfee Labs indicated that the remote access tool (RAT) now relies on another piece of malware, known as Houdini, to infect systems. On top of this, the new variant contained various payloads for deployment.

Worth noting

  • Adwind mainly targets platforms compatible with Java applications and running the Java Runtime Environment.
  • It primarily uses a malicious JAR file as an attachment in spam emails, as seen in earlier campaigns.
  • Once the JAR file runs on the system, Adwind gets installed and communicates with a remote server to conduct other malicious activities.
  • The latest variant works together with the VBS-based worm H-Worm/Houdini to successfully infect systems.
  • A file called operational.Jrat drops the final payload, thus completely compromising the system.
  • Consequently, another file called Bymqzbfsrg.vbs enables attackers to control the infected machine.

What can the malware do?

Adwind is known to possess many malicious capabilities. These include collecting keystrokes, stealing passwords and data from web forms, taking screenshots and video from webcams, and transferring files to the remote server.

Adwind has also evolved to steal from cryptocurrency wallets as well as exploit VPN certificates.

In 2017, most Adwind spam campaigns were found to evade detection by antivirus and similar software. This was due to the presence of complex, layered function calls in multiple JAR files.
