Hjem » Nyheter » Kriminelle angrepet amerikanske oljeselskaper bruker Adwind Trojan

Kriminelle angrepet amerikanske oljeselskaper bruker Adwind Trojan

Unknown cybercriminals attacked companies related to the US oil industry using the Adwind Trojan (other names jRAT, AlienSpy, JSocket and Sockrat). RAT Adwind, which was used as part of a malicious data theft campaign, was previously used against companies in the electricity sector.

ENccording to researchers from Netskope, attacks are carried out from a domain belonging to Australian Internet provider Westnet. It remains unclear whether the group members are Westnet customers or they have compromised their customer accounts and use them to distribute Adwind.

“We found multiple RAT samples hosted on the serving domain and spread across multiple directories, all hosted within the last month. The attacker is either a Westnet user or has compromised the account of one or more Westnet users. The same RAT is being hosted by multiple other Westnet users”, — report Netskope researchers.

Adwind RAT is offered on a number of trading platforms on the darknet, according to the malware-as-a-service model, and over the past two years has been used repeatedly in various campaigns.

The malware is able to encrypt and filter data, capture webcam images, check hard drives for the presence of certain files based on extensions in the malware configuration, inject malicious code into legitimate processes to avoid detection and monitor the state of the system. The software modifies registry settings to ensure persistence and can disable firewalls, antivirus solutions, and other security services on infected devices.

Les også: Gratis Windows Rat Trojan NanoCore kan føre Outbreak

Ifølge forskere, in a new version of Adwind, criminals implemented complex methods of obfuscation. An analysis of the malware showed that it uses several built-in JAR archives (Java Archive) before unpacking the final payload. The obfuscation level was so effective that bare 5 ut av 56 antivirus solutions on VirusTotal could detect malware.

“The Adwind RAT is a well-known malware family that has actively been used in multiple campaigns over the last couple of years. The samples we analyzed showed that the VirusTotal detection ratio for the top-level JAR was 5/56 while that of the final decrypted JAR was 49/58. These detection ratios indicate that attackers have largely been successful in developing new, innovative obfuscation techniques to evade detection”, — emphasize Netskope developers.

According to the analysis, the attackers are primarily interested in documents, files and other locally stored data. They are also interested in finding information such as FTP passwords and SSH keys, which can give more access to the network.

Om Trojan Killer

Carry Trojan Killer Portable på minnepinne. Vær sikker på at du er i stand til å hjelpe din PC motstå eventuelle cyber trusler uansett hvor du går.

Sjekk også

Zonealarm hacket med vBulletin sårbarhet

Zonealarm fora hacket på grunn av vBulletin sårbarhet

Forumet på Zonealarm, which is owned by Check Point and whose products are used

Hvordan fjerne Villedende:Win32 / Lodi virus?

Misleading:Win32/Lodi is a generic detection utilized by Microsoft Security Essentials, Windows Defender and other anti-virus

Legg igjen et svar