Security Alert: Spam Campaign Spreads Adwind RAT variant, Targeting Computer Systems
Here’s how this malicious JBifrost RAT goes undetected by antivirus solutions
The malware economy is still alive and well. Cybercriminals continue to shift toward more targeted attacks that need a smaller infrastructure to carry out. Phishing emails remain a preferred attack vector for malicious actors focused on getting access to users’ valuable data.
Security researchers recently saw and analyzed a targeted spam campaign in which cybercriminals try to lure victims into clicking on a malicious link.
In the observed attack, the spam email has the following content:
From: [Spoof / Forwarded Sender Address]
payment swift copy-USD-39,814-15
Content (sanitized for your own protection):
Please find herewith the attached file of payment swift copy-USD-39,814-15. Please acknowledge receipt it.
https://www.dropbox[.]com/s/6etniblieaywcpm/PAYMENT%20SWIFT%20COPY_Parimex%20USD_39%2C814-15_pdf.zip?dl=3D1
If users click the link pointing to Dropbox and open the archive, they receive a malicious ZIP file containing the following file: “PAYMENT SWIFT COPY_Parimex USD_39,814-15_pdf.jar”
A JAR (Java ARchive) is actually a ZIP file used by the Java Runtime Environment (JRE) framework to execute Java programs.
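Because a JAR is a ZIP file, a downloaded archive can be checked for Java archives before anyone opens it. The Python example below is added here and is not code from the original alert or its researchers; it reads archive members without extracting or running them and flags JARs by name or by content, including document-style lure names such as `_pdf.jar`. The token list, size cap, function names and the sample archive are assumptions constructed for this illustration.

```python
import io
import zipfile

# Assumed values for this example: document-style lure tokens and a read cap.
LURE_TOKENS = ("pdf", "doc", "docx", "xls", "xlsx", "jpg", "png")
MANIFEST = "META-INF/MANIFEST.MF"
MAX_MEMBER = 50 * 1024 * 1024  # skip content checks on members larger than this

def is_jar(data: bytes) -> bool:
    """Heuristic: a ZIP that carries META-INF/MANIFEST.MF is treated as a JAR."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return MANIFEST in zf.namelist()
    except zipfile.BadZipFile:
        return False

def has_lure_name(name: str) -> bool:
    """True for names such as 'invoice_pdf.jar' or 'invoice.pdf.jar'."""
    stem, _, ext = name.lower().rpartition(".")
    lures = tuple(sep + tok for sep in "._-" for tok in LURE_TOKENS)
    return ext == "jar" and stem.endswith(lures)

def scan_archive(data: bytes) -> list[dict]:
    """List archive members that are Java archives, by name or by content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(".jar")
            # Bytes are only read and parsed as ZIP, never executed.
            by_content = info.file_size <= MAX_MEMBER and is_jar(zf.read(info))
            if by_name or by_content:
                findings.append({"name": info.filename,
                                 "jar_by_content": by_content,
                                 "lure_name": has_lure_name(info.filename)})
    return findings

def build_sample() -> bytes:
    """Constructed sample: a ZIP holding harmless manifest-only JARs and a text file."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr(MANIFEST, "Manifest-Version: 1.0\r\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("PAYMENT SWIFT COPY_Parimex USD_39,814-15_pdf.jar", jar.getvalue())
        zf.writestr("statement.dat", jar.getvalue())  # JAR with a renamed extension
        zf.writestr("readme.txt", "constructed sample, not malware")
    return outer.getvalue()
```

Checking content as well as the file name catches a JAR whose extension was changed, which a name-only attachment filter would miss.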
JBiFrost is a version of the Adwind RAT that was rebranded by the malicious actors behind it and appeared on the malware market in 2016.
This RAT variant is configured to communicate with a C&C server on the following domain (sanitized for your safety): vvrhhhnaijyj6s2m.onion[.]top. With the help of a RAT, attackers can remotely access the file system to read, write or delete files.
The objective of this type of attack can be to exfiltrate data from compromised systems and to open a backdoor that lets online criminals feed more malware into the targeted machines.
According to VirusTotal, only 17 antivirus products out of 61 had managed to detect this spam campaign at the time of writing this security alert.
Heimdal Security proactively blocked these malicious domains, so all our Heimdal™ Threat Prevention and Endpoint Security Suite users are protected.
How to prevent being infected with Adwind RAT
This type of malware can evade detection in the first place, so it’s essential to take all the security measures needed to keep your data safe.
- Keep your operating system, including all your apps and software programs, up to date, because outdated software is the first place where malicious actors can exploit vulnerabilities;
- Once again, we remind you: DO NOT open emails or click on files/attachments that look suspicious to you;
- Always keep a backup of all your important data on external storage, such as a hard drive, or in the cloud (Google Drive, Dropbox, etc.). Use this guide to learn how to do it;
- Make sure you have a reliable antivirus program installed on your computer to protect your valuable data from online threats;
- It would be safer to add multiple layers of protection and use a proactive cybersecurity software solution;
- Prevention is the best cure, so learning as much as possible about how to easily detect spam emails is always the right mindset. We recommend these free educational resources to gain more knowledge in the cybersecurity industry.
*This article features cyber intelligence provided by CSIS Security Group researchers.
I loved your post so much. I am learning too much about technical knowledge by reading your post. Thank you so much for sharing such an amazing post. Keep sharing such stuff.
I’ve been a customer of Heimdal Security for a long time. It’s very secure and the updates are coming frequently.
Hi, This is excellent Details and Some very authentic points! I appreciate you composing information and the remaining website is really excellent
Thank you so much for sharing such useful information. It really enhanced my technical knowledge. Users can also visit: Webroot phone number
really Great blog. Thank you so much
Really nice… visit for verizon customer services
Your blog is so useful
Spamming is something which is done by hackers to destroy the value or to hack the authority and information of others. So, we should always maintain our data privacy. Thanks a lot for this post.
It’s very informative post, thanks for sharing on the Dropbox how it’s work? tinder for pc
Thanks, Kelly. Your comments made my day.