Experts from cyber security firm Heimdal Security has spotted a spam campaign delivering the Adwind RAT (Remote Access Trojan).
The threat is a privileged weapon in the arsenal of criminal organizations, the Adwind RAT is a cross-platform malware that can perform a wide range of malicious functions, including the set up of a backdoor into the victim’s PC.
According to the firm security company, the campaign was launched during the weekend and only targeted Danish businesses, but experts believe it could soon target other countries.
Malware researchers from Heimdal reported that the malicious emails came with a file attachment named Doc-[Number].jar, and the bad news is that according to the online antivirus scanning service VirusTotal no antivirus engine was able to detect the threat. This circumstance is very intriguing if we consider that the Adwind RAT was first spotted four years ago.
The Adwind RAT is able to run on any platform that supports Java Runtime Environment.
The Adwind RAT was first discovered early 2012, the experts dubbed it Frutas RAT and later it was identified with other names, Unrecom RAT (February 2014), AlienSpy (October 2014), and recently JSocket RAT (June 2015).
“The re-emergence of Adwind RAT provides additional proof to support this. This Java-based malware has been spotted over the weekend in several targeted attacks against Danish companies.” states a blog post published by Heimdal Security.
“A zero percent detection rate associated with