New Adwind RAT Attacks Linux, Windows and Mac via DDE Code Injection Technique

Everything That You Need To Know About Adwind

Adwind is one of the most popular cross-platform RATs (Remote Access Trojans). It is written in Java, has re-emerged, and is being used to target enterprises in the aerospace industry, in countries including Austria, Switzerland, the US, Ukraine and many more. One of its variants is identified as Trojan:Java/Adwind.E. Some security experts also identify Adwind as Frutas, AlienSpy, Sockrat, jRat, Jsocket, Unrecom and many more. Adwind was first identified in 2013; it has been in development since then and is capable of infecting almost all major operating systems, such as Windows, Linux, Mac and Android.

Invasion Tactics of Adwind Malware

Adwind is one of the worst remote access trojans, and it uses weaponized MS Office documents to compromise the targeted PC. It has capabilities to avoid detection by anti-malware tools, which means you cannot detect and delete Adwind using your anti-malware software. The malware mainly targets Germany and Turkey via malicious spam email campaigns. Hackers often create spam messages and deliver them to users' inboxes. Opening any spam message or attachment, intentionally or unintentionally, may lead to an Adwind infection on your PC. In many cases it spreads through abuse of the A360 Cloud Drive platform, a file-sharing site that is used to host the malware and deliver the RAT. It may also infect a PC via drive-by downloads, malicious code, infected devices, P2P file-sharing sites and many more.

DDE Code Injection Tactic of Adwind

Adwind attacks initially start with suspicious emails or malicious spam campaigns whose body content is written in Turkish, along with either a CSV file or an .XLT file attachment. Both file types are opened by MS Excel by default, and both are capable of performing the DDE code injection attack. Once the user opens the attachment, Excel immediately displays warnings about the execution of malicious code and about executing several file formats.

Another warning message states that the document will execute the CMD.exe application, and once the user accepts the warning, the system opens the calculator application. Bear in mind that the primary objective of the hackers in using the DDE code injection tactic is to create and execute a VBScript in the specific content.
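
A defender-side check for the CSV attachments described above, as an added example that is not part of the original article: it flags cells that Excel would evaluate as formulas and, among those, cells that use the DDE reference form application|topic!item. The function names, regular expressions and sample rows are constructed for illustration, and .XLT attachments are not covered.

```python
import csv
import io
import re

# Leading characters that make Excel treat a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
# DDE reference syntax inside a formula: application|topic!item
DDE_REF = re.compile(r"([A-Za-z][\w.]*)\s*\|\s*('[^']*'|[^!|]+)\s*!")
# Plain signed numbers such as -120.50 are not formulas.
NUMERIC = re.compile(r"[+-]?\d+([.,]\d+)?$")


def classify_cell(value):
    """Return ('dde', app), ('formula', None) or (None, None) for one cell."""
    text = value.lstrip(" \t\r\n")
    if not text.startswith(FORMULA_TRIGGERS) or NUMERIC.match(text):
        return (None, None)
    match = DDE_REF.search(text)
    if match:
        return ("dde", match.group(1).lower())
    return ("formula", None)


def scan_csv(text, delimiter=","):
    """Return (row, column, kind, application) for every suspicious cell."""
    findings = []
    reader = csv.reader(io.StringIO(text), delimiter=delimiter)
    for row_no, row in enumerate(reader, start=1):
        for col_no, cell in enumerate(row, start=1):
            kind, app = classify_cell(cell)
            if kind:
                findings.append((row_no, col_no, kind, app))
    return findings


# Constructed sample attachment: one benign negative number, one ordinary
# formula, and one cell in DDE form that asks Excel to start cmd.
SAMPLE = (
    "name,amount,note\n"
    "Ayse,-120.50,paid\n"
    "Mehmet,=SUM(1;2),total\n"
    "\"Invoice\",\"=cmd|'/c calc'!A0\",open me\n"
)

if __name__ == "__main__":
    for row, col, kind, app in scan_csv(SAMPLE):
        print(f"row {row} col {col}: {kind} {app or ''}".rstrip())
```

A mail gateway or triage script can quarantine attachments with any 'dde' finding and route 'formula' findings for review, since legitimate data exports rarely contain formulas.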

Some Negative Traits of Adwind

  • Automatically downloads and executes several malicious files and activities.
  • Opens a backdoor and injects several malicious threats like Backdoor.Adwind.
  • Bypasses system security and software.
  • Makes several modifications to the Windows registry and deletes or creates new entries.
  • Corrupts programs, deletes particular files and many more.
