<img src="https://d5nxst8fruw4z.cloudfront.net/atrk.gif?account=5DiPo1IWhd1070" style="display:none" height="1" width="1" alt="" />

VIRUS DEFINITION

Virus Type: Spyware, Advanced Persistent Threat, Trojan, Malware

What is Adwind?

Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, and which is distributed through a single malware-as-a-service platform. One of the main features that distinguishes Adwind RAT from other commercial malware is that it is distributed openly in the form of a paid service, where the “customer” pays a fee in return for use of the malicious program. There were around 1,800 users of the system by the end of 2015. This makes it one of the biggest malware platforms in existence today.

What it can do?

The malware’s list of functions includes the ability to:

  • collect keystrokes
  • steal cached passwords and grab data from web forms
  • take screenshots
  • take pictures and record video from a webcam
  • record sound from a microphone
  • transfer files
  • collect general system and user information
  • steal keys for cryptocurrency wallets
  • manage SMS (for Android)
  • steal VPN certificates

Who are the victims of its attacks?

Between 2013 and 2016, different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world.

Industries of interest for the attacks:

  • Manufacturing
  • Finance
  • Engineering
  • Design
  • Retail
  • Government
  • Shipping
  • Telecom
  • Software
  • Education
  • Food production
  • Healthcare
  • Media
  • Energy

Am I at risk?

Be aware if you are working in the industries listed above and are located in the following counties: United Arab Emirates, Germany, India, the USA, Italy, Russia, Vietnam, Hong Kong, Turkey and Taiwan. You are in the group of the highest risk.

How do I know if I’m infected?

Indicators of compromise can be found in a blogpost on Securelist.

How can I protect myself?

In order to protect yourself and your organization against this threat, Kaspersky Lab encourages enterprises to review the purpose of using a Java platform and to disable it for all unauthorized sources. To be on the safe side make sure you are using advanced anti-malware solutions such as Kaspersky Endpoint Security for Business. Also pay attention to your cybersecurity awareness to make sure that you can identify phishing emails in your email box.