Tuesday, February 9, 2016

Adwind: malicious software as a service, and more than 400 000 … – studentnews.pl

At the end of 2015, researchers from Kaspersky Lab came across an unusual piece of malware while investigating an attempted targeted attack on a bank in Singapore. The malicious JAR file was attached to a phishing e-mail received by a bank employee who was the target of the attack. Several features of the malware caught the researchers' attention, including its ability to run on multiple platforms and the fact that it was not detected by any antivirus solution.

The Adwind remote administration tool

It turned out that the organisation had been attacked using the Adwind remote administration tool (RAT), a commercially available backdoor written in Java, which makes it cross-platform. It runs on Windows, OS X, Linux and Android and gives the operator remote control of the infected machine, data collection, information theft and so on.

If the targeted user opens the attached JAR file, the malware installs itself and attempts to contact its command-and-control server. Its feature list includes:

  • keystroke logging,
  • theft of stored passwords and capture of data entered into web forms,
  • taking screenshots,
  • taking pictures and video with a connected or built-in webcam,
  • recording audio from a connected or built-in microphone,
  • file transfer,
  • collection of general information about the system and the user,
  • theft of keys to cryptocurrency wallets,
  • management of SMS messages (on Android),
  • theft of VPN certificates.
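The infection path described above (a JAR attachment that the recipient opens) suggests a simple check a mail gateway or incident responder can run. The following is an added example, not Kaspersky Lab's code and not derived from the Adwind samples: it inspects each attachment's bytes for a ZIP container whose META-INF/MANIFEST.MF names a Main-Class, so a runnable JAR is flagged even when its file name claims to be a PDF. The sample message, the sender and recipient addresses, the file names and the class name `Loader` are all constructed for this example.

```python
"""Flag executable Java archives attached to an e-mail.

Added example (not Kaspersky Lab's code). Adwind arrived as a JAR
attachment in a phishing e-mail; this check looks past the declared
file name and inspects the attachment bytes: a ZIP container carrying
META-INF/MANIFEST.MF with a Main-Class entry is a runnable JAR whatever
its extension says.
"""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"            # local file header of a non-empty ZIP/JAR
SUSPECT_EXTENSIONS = (".jar", ".jnlp")


def jar_main_class(data: bytes):
    """Return the Main-Class named in the manifest, or None if the bytes
    are not a ZIP archive with an executable JAR entry point."""
    if not data.startswith(ZIP_MAGIC):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "META-INF/MANIFEST.MF" not in zf.namelist():
                return None
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None
    # Manifest attributes are "Name: value" lines; compare the key case-insensitively.
    for line in manifest.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "main-class":
            return value.strip()
    return None


def scan_message(raw: bytes):
    """Return (filename, reason) for every attachment that is, or by
    extension claims to be, a Java archive. Content is checked first so a
    renamed JAR is still caught."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        main_class = jar_main_class(payload)
        if main_class is not None:
            findings.append((name, f"executable JAR (Main-Class: {main_class})"))
        elif name.lower().endswith(SUSPECT_EXTENSIONS):
            findings.append((name, "Java archive by extension"))
    return findings


def build_sample_jar() -> bytes:
    """Constructed minimal JAR: a manifest naming a made-up Main-Class and
    a placeholder class file (not real bytecode, just the magic number)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: Loader\r\n\r\n")
        zf.writestr("Loader.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed phishing-style mail: the JAR is attached under a name
    that pretends to be a PDF, next to a harmless real PDF stub."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"       # constructed addresses
    msg["To"] = "treasury@example.net"
    msg["Subject"] = "Payment instruction"
    msg.set_content("Please review the attached payment order.")
    msg.add_attachment(build_sample_jar(), maintype="application",
                       subtype="octet-stream", filename="payment_order.pdf")
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample_message()):
        print(f"{filename}: {reason}")
```

On the constructed message the scan reports only `payment_order.pdf`, because its bytes are a ZIP with an executable manifest, while the genuine PDF stub is left alone. In practice the same check belongs at the gateway, where the finding would quarantine the message rather than print it.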

Although it is used mainly by opportunistic criminals and distributed in mass spam campaigns, Adwind has also been used in targeted attacks. In August 2015 it appeared in reports on a cyber-espionage campaign directed against an Argentine prosecutor who had been found dead in January 2015. Another example of a targeted attack was the incident at the Singapore bank. A deeper analysis of events involving Adwind shows that these were not the only targeted attacks in which the tool was used.

Targets of the attacks

During the investigation, Kaspersky Lab researchers analysed almost 200 examples of attacks organised by unknown criminals to spread the Adwind malware and identified the sectors in which most of the targets operate:

  • manufacturing,
  • finance,
  • engineering,
  • design,
  • retail,
  • government,
  • shipbuilding,
  • telecommunications,
  • software,
  • education,
  • food,
  • healthcare,
  • media,
  • energy.

Data from the Kaspersky Security Network (KSN) cloud shows that between August 2015 and January 2016 more than 68,000 users encountered samples of the Adwind remote administration tool used in nearly 200 attacks.

The geographical distribution of targeted users (according to KSN data for that period) shows that almost half of them (49%) were located in the following ten countries: the United Arab Emirates, Germany, India, the United States, Italy, Russia, Vietnam, Hong Kong, Turkey and Taiwan.

Based on the profiles of the identified targets, Kaspersky Lab researchers identified the likely categories of Adwind platform customers:

  • scammers who want to move up to the next level (using malware for more advanced fraud),
  • unscrupulous competitors,
  • cyber-mercenaries (spies for hire),
  • individuals who want to spy on people they know.

Danger as a service

One of the main features that distinguishes Adwind from other commercial malware is its distribution model: Adwind is offered openly as a paid service, and the "customer" pays a fee for the use of the malicious tool. Based on an analysis of user activity on the criminal service's internal forum, Kaspersky Lab experts estimate that by the end of 2015 it had around 1,800 customers. This makes Adwind one of the largest known malware platforms.

"Platforms such as Adwind reduce the level of professional knowledge required to carry out cyberattacks to a minimum. Based on our analysis of the largest Adwind attack, on a Singaporean bank, we can say that the person behind it was certainly not a professional cybercriminal, and we believe the same applies to other customers of the platform. This is a very disturbing trend," said Alexander Gostev, chief IT security expert at Kaspersky Lab.

"Despite the many articles published about Adwind by different researchers, the platform is still active and continues to attract new criminals of various kinds. We carried out our investigation to draw the attention of the IT security community and law enforcement to a new trend in which malware takes the form of a service that almost anyone can use," commented Vitaly Kamliuk, Director of the Global Research and Analysis Team (GReAT) for Asia-Pacific at Kaspersky Lab.

Kaspersky Lab experts have informed law enforcement agencies of their findings regarding the Adwind platform.

To improve protection against this threat, Kaspersky Lab experts recommend reviewing whether the Java platform is needed at all and disabling it for all unauthorised sources.

More information on cyberattacks using the Adwind tool can be found at http://r.kaspersky.pl/adwind .

Kaspersky Lab has also prepared a video showing how complex cyber threats are detected and investigated: http://r.kaspersky.pl/polujac_na_lowcow .


Source: Kaspersky Lab
