Adwind Discovered in Two New Malware Packages Being Dropped via Spam Campaigns

Target: Various

Attack Vector: Phishing / Data Theft

Summary: Two new malware strains delivering Adwind have resulted in a number of different final payloads including Loki, XTRAT and DUNIHI. Both campaigns have been designed to avoid detection whilst attempting to steal information. Both campaigns have been observed making use of a previously patched vulnerability, CVE-2017-11882.

Risk assessment summary: This threat is assessed at 3e MODERATE. There has been a large number of infections, and the attack methods have been observed abusing a vulnerability for which patches are available. There is a risk that an infection could be spread across a network. In addition to detection avoidance, both strains come with new information-stealing malware payloads, increasing the risk of loss of personal data and intellectual property.

jRAT Adwind Malware

Large Phishing Campaign seen to be delivering jRAT (Adwind) Malware

Target: Global threat

Attack Vector: A phishing campaign dropping the malware

Summary: A large phishing campaign is spreading the jRAT Trojan, dubbed Adwind, under the guise of a well-crafted UPS tracking email. The unknown actors attempt to trick victims into downloading JavaScript-built malware with the aim of remotely accessing their device. The malware has historically hit more than 1,500 organizations in over 100 countries.

Risk assessment summary: The threat is assessed as 3d MODERATE. It is still a live, wide-reaching campaign. It is a realistic possibility that several companies will be affected. The threat from information stealers is directly financial, and the loss of intellectual property is likely where an infection takes place. The precise risk is dependent on the type of information held by the company, whether that be customer Personally Identifiable Information or that of the individual who is infected.