RAT Trojan Adwind attacks US energy sector

Unknown attackers have targeted the infrastructure of the US electricity industry. Using malicious emails, employees of energy companies were delivered the Adwind RAT Trojan in a campaign aimed specifically at the electricity sector.

The malware, also known as JRAT, SockRat, AlienSpy, JSocket, Frutas and Unrecom, is used to steal information. It can take screenshots, collect credentials from Chrome, Internet Explorer and Microsoft Edge, record audio and video, take pictures, log keystrokes, and steal files, email and VPN certificates.

Adwind is distributed under the “malware as a service” model: anyone can buy the Trojan on the black market.

“The fact that Adwind can be accessed as a regular service is disturbing. Anyone can pay and attack the enterprises that run critical infrastructure facilities,” said Bob Noel, Plixer vice president of strategic relations.

According to Milo Salvia, a researcher at Cofense, the ongoing attacks begin with a malicious email. The message that attracted the experts’ attention was sent from a hacked account belonging to Friary Shoes. It stated that the recipient must sign and return a copy of a payment receipt.

The email carried an image with an embedded link, disguised as a PDF attachment.

If the user tried to open the attachment, they were automatically redirected to the hacked site of Fletcher Specs, from which the malware was downloaded to the victim’s computer.

The initial payload was a JAR file named Scan050819.pdf_obf.jar; the double extension was meant to hide the true file type and pass it off as a PDF document. In the background, this JAR file spawned two java.exe processes that loaded two separate .class files containing Adwind. The malware then beaconed to its command and control server.

“Forcing users to open malicious links or attachments is still the most successful way for cybercriminals to gain access to the target system. Malware like Adwind will be able to disable antiviruses when it gets to the device,” said Bob Noel.

To avoid detection, the Trojan looked for the most common anti-virus programs and malware analysis tools on the infected computer and terminated them using the taskkill.exe process.
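The two behaviours described above, a .jar posing as a PDF through a double extension and java.exe spawning taskkill.exe against security tools, can be turned into simple process-creation triage logic. This is an added example, not code from the article or from Cofense; the watch-lists, file paths, PIDs and sample events are constructed for illustration.

```python
import re

# Constructed watch-lists for this example (not from the article): process names of
# common AV / analysis tools, and document extensions a .jar might imitate.
SECURITY_TOOLS = {"msmpeng.exe", "avp.exe", "procmon.exe", "procexp.exe", "wireshark.exe"}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}
# ".<doc ext>" followed by anything, then ".jar", as in Scan050819.pdf_obf.jar
DOUBLE_EXT = re.compile(r"\.(?P<inner>[A-Za-z]{2,4})[^\\/\s]*\.jar$", re.I)

def deceptive_jar_name(path):
    """True when a .jar path carries an earlier document-like extension."""
    m = DOUBLE_EXT.search(path)
    return bool(m) and m.group("inner").lower() in DOC_EXTS

def jar_argument(command_line):
    """Path given to java's -jar switch, or None if absent."""
    m = re.search(r'-jar\s+"?([^"\s]+)', command_line, re.I)
    return m.group(1) if m else None

def taskkill_targets(command_line):
    """Image names passed to taskkill.exe via /IM, lower-cased."""
    return {t.lower() for t in re.findall(r"/im\s+(\S+)", command_line, re.I)}

def triage(events):
    """Return (pid, reason) pairs for process-creation events that match either behaviour."""
    alerts = []
    for e in events:
        image, parent = e["image"].lower(), e["parent_image"].lower()
        if image.endswith(("java.exe", "javaw.exe")):
            jar = jar_argument(e["command_line"])
            if jar and deceptive_jar_name(jar):
                alerts.append((e["pid"], f"java launched double-extension jar {jar}"))
        elif image.endswith("taskkill.exe") and parent.endswith(("java.exe", "javaw.exe")):
            hits = taskkill_targets(e["command_line"]) & SECURITY_TOOLS
            if hits:
                alerts.append((e["pid"], f"java-spawned taskkill against {sorted(hits)}"))
    return alerts

# Constructed sample events in a Sysmon-like shape; paths and PIDs are invented.
JAVA = r"C:\Program Files\Java\jre\bin\java.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": JAVA, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{JAVA}" -jar C:\\Users\\bob\\Downloads\\Scan050819.pdf_obf.jar'},
    {"pid": 4188, "image": r"C:\Windows\System32\taskkill.exe", "parent_image": JAVA,
     "command_line": "taskkill.exe /F /IM MsMpEng.exe /IM procmon.exe"},
    {"pid": 5020, "image": r"C:\Windows\System32\taskkill.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe", "command_line": "taskkill /F /IM notepad.exe"},
    {"pid": 5100, "image": JAVA, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{JAVA}" -jar C:\\Tools\\build.jar'},
]
```

Running `triage(SAMPLE_EVENTS)` flags only the first two events: the legitimate build.jar launch and the cmd.exe-driven taskkill are left alone.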

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you
