
Adwind RAT resurfaces again, relies on another malware for infection

  • It now comes as a variant that uses different payloads and spreads mainly through JAR files.
  • In this campaign, the infamous VBS-based worm Houdini is leveraged to infect computer systems.

Adwind, a well-known multifunctional malware program that made news in late 2017, has resurfaced. A report by McAfee Labs indicated that the remote access tool (RAT) now relies on another malware, known as Houdini, to infect systems. On top of this, the new variant carries various payloads for deployment.

Worth noting

  • Adwind mainly targets platforms compatible with Java applications and running the Java Runtime Environment.
  • It primarily uses a malicious JAR file as an attachment in spam emails, as seen in earlier campaigns.
  • Once the JAR file runs on the system, Adwind is installed and communicates with a remote server to conduct further malicious activities.
  • The latest variant works together with the H-Worm/Houdini VBS-based worm to successfully infect systems.
  • A file called operational.Jrat drops the final payload, completely compromising the system.
  • Another file, called Bymqzbfsrg.vbs, then enables attackers to control the infected machine.
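The delivery chain above (a JAR attachment in spam mail plus a VBS component) is something a mail gateway or triage analyst can check for directly. The following is an added example, not code from McAfee Labs or from this write-up: it builds a constructed sample message, then flags attachments whose file name matches the two names reported here (operational.Jrat, Bymqzbfsrg.vbs), whose extension is .jar or .vbs, or whose content is a Java archive regardless of the name it was given. The sample message, the placeholder JAR contents, the double-extension heuristic and all function names are assumptions made for this illustration.

```python
"""Added example: triage an email for the JAR/VBS delivery pattern described above.

Nothing here is taken from a real capture. The sample message, the placeholder
JAR and the heuristics are constructed for illustration only.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# File names reported in the write-up, matched case-insensitively.
KNOWN_NAMES = {"operational.jrat", "bymqzbfsrg.vbs"}
# Extensions tied to the delivery chain: the JAR dropper and the VBS worm.
RISKY_EXTENSIONS = (".jar", ".vbs")


def looks_like_jar(payload: bytes) -> bool:
    """True if the bytes are a ZIP archive carrying a Java manifest (i.e. a JAR),
    whatever file name the sender attached it under."""
    if not payload.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return "META-INF/MANIFEST.MF" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Return {attachment name: [reasons]} for every attachment that trips a check."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lower = name.lower()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if lower in KNOWN_NAMES:
            reasons.append("file name reported in the Adwind/Houdini chain")
        if lower.endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky extension .{lower.rsplit('.', 1)[-1]}")
        if looks_like_jar(payload):
            reasons.append("content is a Java archive (manifest present)")
        # Heuristic (assumption): names like invoice.pdf.jar hide the real type.
        if name.count(".") > 1:
            reasons.append("double extension")
        if reasons:
            findings[name] = reasons
    return findings


def build_jar() -> bytes:
    """Constructed placeholder JAR: a ZIP with a manifest and a dummy class entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        zf.writestr("Loader.class", b"\xca\xfe\xba\xbe")  # class-file magic only, no bytecode
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed spam-style message mimicking the delivery pattern; not a real sample."""
    msg = EmailMessage()
    msg["From"] = "invoice@sender.invalid"
    msg["To"] = "user@recipient.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    # JAR attachment disguised with a document-looking double extension.
    msg.add_attachment(build_jar(), maintype="application", subtype="octet-stream",
                       filename="Invoice_2023.pdf.jar")
    # Placeholder script carrying the reported name; the body is inert text.
    msg.add_attachment("' constructed placeholder, not the real worm\n", subtype="plain",
                       filename="Bymqzbfsrg.vbs")
    msg.add_attachment("harmless notes\n", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, reasons in scan_message(build_sample_message()).items():
        print(attachment, "->", "; ".join(reasons))
```

The content check matters more than the name check: a JAR renamed to look like a document still opens with the Java Runtime Environment on a double-click, so a gateway that only matches on extension misses it.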

What can the malware do?

Adwind is known to possess many malicious capabilities. These include logging keystrokes, stealing passwords and data from web forms, capturing screenshots and webcam video, and transferring files to the remote server.

Adwind has also evolved to steal from cryptocurrency wallets as well as exploit VPN certificates.

In 2017, most Adwind spam campaigns were found to evade detection by antivirus and similar software. This was due to the presence of complex, layered function calls spread across multiple JAR files.
