Virus Type: Spyware, Advanced Persistent Threat, Trojan, Malware
Adwind RAT is a cross-platform, multifunctional malware program, also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, which is distributed through a single malware-as-a-service platform. One of the main features that distinguishes Adwind RAT from other commercial malware is that it is distributed openly in the form of a paid service, where the “customer” pays a fee in return for use of the malicious program. There were around 1,800 users of the system by the end of 2015. This makes it one of the biggest malware platforms in existence today.
The malware’s list of functions includes the ability to:
Between 2013 and 2016, different versions of the Adwind malware were used in attacks against at least 443,000 private users and commercial and non-commercial organisations around the world.
Industries of interest for the attacks:
If you work in the industries listed above and are located in one of the following countries, you are in the highest-risk group: United Arab Emirates, Germany, India, the USA, Italy, Russia, Vietnam, Hong Kong, Turkey and Taiwan.
Indicators of compromise can be found in a blogpost on Securelist.
To protect yourself and your organisation against this threat, Kaspersky Lab encourages enterprises to review the purpose of using a Java platform and to disable it for all unauthorised sources. To be on the safe side, make sure you are using advanced anti-malware solutions such as Kaspersky Endpoint Security for Business. Also keep up your cybersecurity awareness so that you can identify phishing emails in your inbox.
Adwind: Malware-as-a-Service Platform - Threat Definition