Adwind Discovered in Two New Malware Packages Being Dropped via Spam Campaigns
Attack Vector: Phishing / Data Theft
Summary: Two new malware strains delivering Adwind have resulted in a number of different final payloads including Loki, XTRAT and DUNIHI. Both campaigns have been designed to avoid detection whilst attempting to steal information. Both campaigns have been observed making use of a previously patched vulnerability, CVE-2017-11882.
Risk assessment summary: This threat is assessed at 3e MODERATE. There has been a large number of infections, and the attack methods have been observed abusing a vulnerability for which patches are available. There is a risk that an infection could spread across a network. In addition to detection avoidance, both strains come with new information-stealing malware payloads, increasing the risk of loss of personal data and intellectual property.
Large Phishing Campaign seen to be delivering jRAT (Adwind) Malware
Target: Global threat
Attack Vector: A phishing campaign dropping the malware
Risk assessment summary: The threat is assessed as 3d MODERATE. It is still a live, wide-reaching campaign. It is a realistic possibility that several companies will be affected. The threat from information stealers is directly financial, and the loss of intellectual property is likely where an infection takes place. The precise risk is dependent on the type of information held by the company, whether that be customer Personally Identifiable Information or that of the individual who is infected.