
RAT Trojan Adwind attacks US energy sector

Unknown attackers have targeted the infrastructure of the US electricity industry. Using malicious emails, they delivered the Adwind RAT Trojan to employees of energy enterprises; this Trojan specializes in attacks on the electricity sector.

The malware, also known as JRAT, SockRat, AlienSpy, JSocket, Frutas and Unrecom, is used to steal information. It can take screenshots, collect credentials from Chrome, Internet Explorer and Microsoft Edge, record audio and video, take pictures, read keystrokes on the keyboard, and steal files, email and VPN certificates.

Adwind is distributed under the “malware as a service” model: anyone can buy the Trojan on the black market.


“The fact that Adwind can be accessed as a regular service is disturbing. Anyone can pay and attack the enterprises that run critical infrastructure facilities,” said Bob Noel, Plixer vice president of strategic relations.

According to Milo Salvia, a researcher at Cofense, the ongoing attacks begin with a malicious mailing. The email that attracted the researchers’ attention was sent from a compromised account of Friary Shoes. It stated that the recipient must sign and return a copy of a payment receipt.

The email contained an image with an embedded link, disguised as a PDF attachment.

If the user tried to open the attachment, they were automatically redirected to the compromised website of Fletcher Specs, from which the malware was downloaded to the victim’s computer.


The initial payload was a JAR file named Scan050819.pdf_obf.jar; the double extension was meant to hide the true file type and pass it off as a PDF document. When run, this JAR file started two Java.exe processes in the background, each loading a separate .class file containing Adwind. The malware then sent a signal to its command and control server.

“Forcing users to open malicious links or attachments is still the most successful way for cybercriminals to gain access to the target system. Malware like Adwind will be able to disable antiviruses when it gets to the device,” said Bob Noel.

To evade detection, the Trojan searched the infected computer for the most common anti-virus programs and malware analysis tools and terminated them using the taskkill.exe process.
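The two behaviours described above (a JAR disguised with a document extension launched by Java, followed by taskkill.exe spawned from the Java process) are both visible in ordinary process-creation telemetry. The following is an added detection sketch, not code from Cofense, Plixer or the article; the pipe-separated log format, the field order and the sample lines are constructed for the example, and the process name example_av.exe is a placeholder standing in for whatever security tooling is deployed. Map the fields onto your own EDR or Sysmon event schema before use.

```python
"""Flag the Adwind delivery chain in process-creation logs (added example).

Constructed log format, one event per line:
    time|parent_image|image|command_line
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class ProcEvent:
    time: str
    parent: str
    image: str
    cmdline: str

# A document extension (pdf/doc/xls/ppt) buried in the name, ending in .jar,
# e.g. "Scan050819.pdf_obf.jar" from the campaign above.
DISGUISED_JAR = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)[^\\/]*\.jar$", re.IGNORECASE)
JAVA_HOSTS = {"java.exe", "javaw.exe"}

def parse_line(line: str) -> ProcEvent:
    """Split one constructed log line into its four fields."""
    time, parent, image, cmdline = line.rstrip("\n").split("|", 3)
    return ProcEvent(time, parent.strip(), image.strip(), cmdline.strip())

def basename(path: str) -> str:
    """Last path component, lower-cased, accepting both slash styles."""
    return re.split(r"[\\/]", path)[-1].lower()

def is_disguised_jar(name: str) -> bool:
    return bool(DISGUISED_JAR.search(basename(name)))

def jar_from_cmdline(cmdline: str) -> Optional[str]:
    """Return the .jar argument of a 'java -jar ...' launch, quoted or not."""
    m = re.search(r'-jar\s+(?:"([^"]+\.jar)"|(\S+\.jar))', cmdline, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) or m.group(2)

def detect(events: List[ProcEvent]) -> List[Tuple[str, str, str]]:
    """Return (time, rule, detail) for each suspicious event."""
    findings = []
    for ev in events:
        img = basename(ev.image)
        par = basename(ev.parent)
        # Rule 1: Java launching a JAR whose name pretends to be a document.
        if img in JAVA_HOSTS:
            jar = jar_from_cmdline(ev.cmdline)
            if jar and is_disguised_jar(jar):
                findings.append((ev.time, "disguised-jar-launch", jar))
        # Rule 2: taskkill.exe whose parent is a Java host process.
        # Java applications almost never need to kill other processes.
        if img == "taskkill.exe" and par in JAVA_HOSTS:
            findings.append((ev.time, "java-spawned-taskkill", ev.cmdline))
    return findings

def analyze(log_text: str) -> List[Tuple[str, str, str]]:
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    return detect(events)

# Constructed sample telemetry: one malicious chain and two benign events.
SAMPLE_LOG = """\
10:01:02|C:\\Windows\\explorer.exe|C:\\Program Files\\Java\\bin\\java.exe|java -jar "C:\\Users\\u\\Downloads\\Scan050819.pdf_obf.jar"
10:01:05|C:\\Program Files\\Java\\bin\\java.exe|C:\\Windows\\System32\\taskkill.exe|taskkill /IM example_av.exe /F
10:02:00|C:\\Windows\\explorer.exe|C:\\Program Files\\Java\\bin\\java.exe|java -jar "C:\\Tools\\build.jar"
10:03:00|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\taskkill.exe|taskkill /IM notepad.exe
"""

if __name__ == "__main__":
    for time, rule, detail in analyze(SAMPLE_LOG):
        print(f"{time} {rule}: {detail}")
```

Run against the constructed sample, the first two lines produce one finding each (the disguised JAR launch and the Java-spawned taskkill), while the legitimate build.jar launch and the user-initiated taskkill are left alone. The second rule is the more robust of the two, since it keys on a parent/child relationship rather than on a file name the attacker controls.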

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you.
