Indian co-operative banks targeted by a new wave of the “Adwind” Trojan
By Megha Malhotra
Cybersecurity researchers at Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, warned that they have detected a new wave of the Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks, using COVID-19 as bait. Researchers at Seqrite cautioned that “if attackers are successful, they can take over the victim’s device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.”
Execution of RAT Attack
According to the researchers, the Java RAT campaign starts with a spear-phishing email that claims to come from either the Reserve Bank of India or a nationalised bank. The email body cites COVID-19 guidelines or a financial transaction and refers the reader to detailed information in the attachment, which is a zip file containing JAR-based malware.
Upon further investigation, the researchers found that the JAR-based malware is a Remote Access Trojan that runs on any machine with a Java runtime installed, so it can affect a variety of endpoints regardless of the underlying operating system. Once the RAT is installed, the attacker can take over the victim’s device, issue commands from a remote machine, and move laterally within the network. The malware can also log keystrokes, capture screenshots, download additional payloads, and exfiltrate sensitive user information.
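The delivery chain described above (a zip attachment wrapping a JAR) can be checked structurally at a mail gateway rather than by file extension alone: a JAR is itself a zip archive with a META-INF/MANIFEST.MF entry, and a Main-Class attribute in that manifest means the archive is directly runnable with `java -jar`. The following Python is an added example written for this article, not code from Seqrite, Quick Heal or the campaign itself; the helper names, the blocking policy and the in-memory sample attachment are all constructed for illustration.

```python
"""Mail-gateway style check for zip attachments that carry a JAR.

A JAR is a zip archive with META-INF/MANIFEST.MF; a Main-Class line in that
manifest means the archive is directly executable by the Java runtime.
Helper names and policy are hypothetical; the sample attachment is constructed.
"""
import io
import zipfile
from typing import List, Optional, Tuple

# Extensions the JVM (or a double-click on a desktop with Java installed) runs directly.
JAVA_EXECUTABLE_EXTS = (".jar", ".jnlp")
MAX_DEPTH = 3  # refuse to recurse forever into nested archives (zip-bomb guard)


def looks_like_jar(data: bytes) -> Tuple[bool, Optional[str]]:
    """Return (is_jar, main_class) based on zip structure, not on the file name."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "META-INF/MANIFEST.MF" not in zf.namelist():
                return False, None
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return False, None
    main_class = None
    for line in manifest.splitlines():
        if line.lower().startswith("main-class:"):
            main_class = line.split(":", 1)[1].strip()
            break
    return True, main_class


def scan_attachment(data: bytes, name: str = "attachment", depth: int = 0) -> List[str]:
    """Walk a (possibly nested) zip and return human-readable findings.

    Flags: JAR structure regardless of extension (lures often use names such as
    'guidelines.pdf.jar' or a renamed .dat), a Main-Class entry, and
    Java-executable extensions on any nested member.
    """
    findings: List[str] = []
    if depth > MAX_DEPTH:
        findings.append(f"{name}: nested deeper than {MAX_DEPTH} levels, not recursing")
        return findings

    is_jar, main_class = looks_like_jar(data)
    if is_jar:
        detail = f", Main-Class={main_class}" if main_class else ", no Main-Class"
        findings.append(f"{name}: JAR structure (META-INF/MANIFEST.MF){detail}")
    if name.lower().endswith(JAVA_EXECUTABLE_EXTS):
        findings.append(f"{name}: Java-executable extension")

    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container, nothing further to unpack
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            child = zf.read(info.filename)
            # Only recurse into members that are themselves zip containers ("PK" magic).
            if child[:2] == b"PK":
                findings.extend(scan_attachment(child, f"{name}/{info.filename}", depth + 1))
    return findings


def is_suspicious(data: bytes) -> bool:
    """Hypothetical gateway policy: block if any member is a runnable JAR or
    carries a Java-executable extension."""
    return any(
        "Main-Class=" in f or "Java-executable extension" in f
        for f in scan_attachment(data)
    )


def build_sample_attachment() -> bytes:
    """Constructed sample shaped like the lure in the article: a zip holding a
    JAR whose name mimics a PDF. The class bytes are a dummy, not real bytecode."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: Loader\r\n\r\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)  # dummy payload
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("COVID19_Guidelines.pdf.jar", jar_buf.getvalue())
        z.writestr("README.txt", "Please open the attached guidelines.")
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample_attachment()
    for finding in scan_attachment(sample, "lure.zip"):
        print(finding)
    print("verdict:", "BLOCK" if is_suspicious(sample) else "allow")
```

The point of checking the manifest rather than the extension is that an attacker controls the file name but cannot drop META-INF/MANIFEST.MF without losing `java -jar` execution, so the structural check survives renaming; the depth limit matters because the same recursion that finds a nested JAR would otherwise be a denial-of-service vector for a crafted archive.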
Damage that can be caused
Campaigns like this can compromise the privacy and security of sensitive information held by co-operative banks and pave the way for large-scale attacks and financial fraud. The leaked information helps attackers plan the next phase of the operation, including targeted intrusions. Backdoors of this kind are frequently used to steal credentials for critical financial infrastructure such as SWIFT, which can lead to enormous monetary losses for banks.
Preventive measures to stay safe
Seqrite recommends that, to prevent such attacks, users stay vigilant and refrain from opening attachments or clicking on web links in unsolicited emails.
Likewise, banks should keep their operating systems up to date and have a full-fledged security solution installed on all their devices.