This old trojan malware is back with a new trick to help it hide in plain sight

A form of trojan malware which has been used by cyber criminals to steal login credentials and other information from victims for over five years has been updated with the ability to hide in plain sight by using legitimate Java commands to mask its malicious behaviour.

The Adwind remote access trojan (RAT) – also known as AlienSpy and jRAT – first emerged in 2013 and is available 'as-a-service' to criminals who want to use its credential-stealing, keylogging, audio recording and other trojan malware capabilities against victims.


The malware can target users of several major operating systems and typically infects victims via phishing emails, compromised software downloads or malicious websites.


Now a new variant of the malware has emerged which appears to specifically target Windows and common Windows applications including Internet Explorer and Outlook, along with Chromium-based browsers including Brave – which was only released this year.

Detailed by researchers at Menlo Security, the latest incarnation of Adwind is delivered by a JAR (Java Archive) file, with its malicious intent obfuscated behind several layers of packaging and encryption in order to make signature-based detection ineffective.


Once the malware has unpacked a list of command and control server addresses, Adwind is activated and is able to ..
