Kaspersky Lab Delves into Adwind RAT
Adwind RAT (Remote Access Trojan), a multi-function, cross-platform malware program, is distributed through a single malware-as-a-service platform. It appears to have been used in attacks against at least 443,000 individual users and commercial and non-commercial organizations worldwide.
After infecting a user's PC, the RAT covertly captures its data while letting the remote attacker gain access to the device and then control it.
Adwind is also known as Unrecom, Frutas, AlienSpy, JRat, JSocket and Sockrat. It is a backdoor written entirely in Java, and it can be bought. Because it is cross-platform, the Trojan runs on OS X, Windows, Android and Linux devices, allowing remote control of the desktop, data collection and exfiltration, among other things. The malware caught Kaspersky Lab's attention at the end of 2015, when the Trojan was attacking a Singaporean bank.
Security researchers at Kaspersky Lab infer that Adwind's author is a Spanish speaker. They also note that the malware's creator sells access to it by subscription at various price points, such as $300 for 12 months or $25 for fifteen days. Buyers also receive services such as obfuscation to bypass AV detection, technical support, free scans with several AV engines, and virtual private network (VPN) accounts, all intended to keep the buyer's malware undetected during deployment.
Kaspersky Lab calculated that since 2013, Adwind attackers have tried to infect more than 440,000 computers using different variants. Between August and January alone, the RAT was used in some 200 spear-phishing attacks targeting more than 68,000 users, PCWorld reported on February 9, 2016.
Kaspersky states that Adwind's buyers mostly used the malware for targeted attacks rather than for bulk spying. This limitation is attributed to Adwind's mode of operation, which involves gathering huge volumes of data and occasionally overwhelms command-and-control servers when several targets are attacked simultaneously.
Meanwhile, Adwind's owner manages to stay one step ahead of security professionals (Kaspersky researchers) and law enforcement by starting over each time with a new variant under a fresh name, which makes takedown operations very difficult.
» SPAMfighter News - 2/16/2016