Adwind Loki XTRAT DUNIHI

Adwind Discovered in Two New Malware Packages Being Dropped via Spam Campaigns

Target: Various

Attack Vector: Phishing / Data Theft

Summary: Two new malware strains delivering Adwind have resulted in a number of different final payloads, including Loki, XTRAT and DUNIHI. Both campaigns have been designed to avoid detection whilst attempting to steal information, and both have been observed making use of a previously patched vulnerability, CVE-2017-11882.

Risk assessment summary: This threat is assessed at 3e MODERATE. A large number of infections has been observed, and the attack methods abuse a vulnerability for which patches are available. There is a risk that an infection could spread across a network. In addition to detection avoidance, both strains come with new information-stealing malware payloads, increasing the risk of loss of personal data and intellectual property.