The malware economy is still alive and well. Cybercriminals continue to turn their attention to more targeted attacks that need a smaller infrastructure to carry out. Phishing emails remain a preferred attack vector for malicious actors focused on getting access to users’ valuable data.

Security researchers recently saw and analyzed a targeted spam campaign in which cybercriminals try to lure victims into clicking on a malicious link.

In the observed attack, the spam email carries the following content:

From: [Spoof / Forwarded Sender Address]

Subject Line:
payment swift copy-USD-39,814-15

Content (sanitized for your own protection):

“Dear Sir

Please find herewith the attached file of payment swift copy-USD-39,814-15. Please acknowledge receipt it.

Best Regards

https: //www.dropbox [.] com / s / 6etniblieaywcpm / PAYMENT% 20SWIFT% 20COPY_Parimex% 20USD_39% dl = 3D1 “

If a user clicks the link pointing to Dropbox and opens the archive, they receive a malicious ZIP file containing a single file: “PAYMENT SWIFT COPY_Parimex USD_39,814-15_pdf.jar”

A JAR (Java ARchive) is actually a ZIP-format file that bundles compiled Java classes and resources; the Java Runtime Environment (JRE) executes it as a Java program.
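As an added example (not code from the original article or from the researchers it cites), the following Python script performs static triage of such an attachment archive without executing anything: it reads each member as a possible JAR (a ZIP carrying a manifest), extracts the declared Main-Class, and flags names that disguise an executable as a document, as the “_pdf.jar” lure above does. The sample archive, its file name and the “Loader” class name are constructed inline and contain no payload.

```python
import io
import zipfile

# Constructed sample, not a real capture: a ZIP wrapping a JAR named like the lure
# on this page. The JAR holds only a manifest and a 12-byte stub, no payload.
def build_sample_archive() -> bytes:
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nMain-Class: Loader\r\n\r\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 8)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("PAYMENT SWIFT COPY_Parimex USD_39,814-15_pdf.jar",
                   jar_buf.getvalue())
    return outer.getvalue()

# Suffixes that make an executable look like a document ("..._pdf.jar").
DECOY_SUFFIXES = ("_pdf", ".pdf", "_doc", ".doc", "_docx", ".docx", "_xls", ".xls")

def jar_main_class(data: bytes):
    """Main-Class from a JAR manifest, or None (not a ZIP / no manifest)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            if "META-INF/MANIFEST.MF" not in jar.namelist():
                return None
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None
    for line in manifest.splitlines():
        if line.lower().startswith("main-class:"):
            return line.split(":", 1)[1].strip()
    return None

def triage_archive(data: bytes) -> list:
    """Static triage: per member, is it an executable JAR and is its name a decoy?"""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            member = z.read(name)                      # bytes only, never executed
            stem, _, ext = name.lower().rpartition(".")
            main_class = jar_main_class(member)
            findings.append({
                "name": name,
                "is_jar": ext == "jar" or main_class is not None,
                "main_class": main_class,
                "fake_doc_ext": ext in ("jar", "exe", "js", "vbs", "scr")
                                and stem.endswith(DECOY_SUFFIXES),
            })
    return findings
```

Run `triage_archive(build_sample_archive())` to see the single member reported as an executable JAR with Main-Class `Loader` and a decoy document suffix; the same function works on a real downloaded archive read from disk.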

During this spam campaign, if an unsuspecting recipient runs the .jar file on a machine that has a Java runtime installed, the cybercriminals “drop” the malicious JBiFrost RAT onto the hard drive.

JBiFrost is a version of the Adwind RAT that was rebranded by the malicious actors behind it and appeared on the malware market in 2016.

This RAT variant is configured to communicate with a C&C server at the following domain (sanitized for your safety): vvrhhhnaijyj6s2m.onion [.] Top. With the help of a RAT, attackers can remotely access the file system to read, write or delete files.

The objective of this type of attack can be to exfiltrate data from compromised systems and to open a backdoor that lets online criminals feed more malware into the targeted machines.

According to VirusTotal, only 17 out of 61 antivirus products detected the sample from this spam campaign at the time of writing this security alert.


Heimdal Security proactively blocked these malicious domains, so all our Heimdal™ Threat Prevention and Endpoint Security Suite users are protected.

How to prevent being infected with Adwind RAT

This type of malware can evade detection in the first place, so it’s essential to take all the security measures needed to keep your data safe.

  • Keep your operating system, including all your apps and software programs, up to date, because unpatched software is the first place where malicious actors can exploit vulnerabilities;
  • Once again, we remind you: DO NOT open emails or click on files/attachments that look suspicious to you;
  • Always keep a backup of all your important data on an external source such as a hard drive or the cloud (Google Drive, Dropbox, etc.). Use this guide to learn how to do it;
  • Make sure you have a reliable antivirus program installed on your computer to protect your valuable data from online threats;
  • It is safer to add multiple layers of protection and use a proactive cybersecurity software solution;
  • Prevention is the best cure, so learning as much as possible about how to easily detect spam emails is always the right mindset. We recommend these free educational resources to gain more knowledge of the cybersecurity industry.

Stay safe!

*This article features cyber intelligence provided by CSIS Security Group researchers.



I loved your post so much. I am learning a lot of technical knowledge from reading your post. Thank you so much for sharing such an amazing post. Keep sharing such stuff.

I’ve been a customer of heimdalsecurity for a long time. It’s very secure and the updates come frequently.

Hi, these are excellent details and some very authentic points! I appreciate you composing this information, and the rest of the website is really excellent.

Thank you so much for sharing such useful information. It really enhanced my technical knowledge. Users can also visit: Webroot phone number

Really nice… visit for verizon customer services

Spamming is something which is done by hackers to destroy the value or to hack the authority and information of others. So, we should always maintain our data privacy. Thanks a lot for this post.

It’s a very informative post, thanks for sharing. How does Dropbox work? tinder for pc

Thanks, Kelly. Your comments made my day.
