Want to become a cybercriminal? All you need is a credit card.
Cybersecurity firm Kaspersky Lab has just published extensive research on a Malware-as-a-Service platform that has been the source of attacks on at least 443,000 users and organizations around the world. The malware, called Adwind Remote Access Tool (RAT), can be purchased online and provides capabilities for remote desktop control, data gathering and data exfiltration. It’s available in different versions, and also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat.
The malware is written in Java, which means that it can run on Windows, Mac, Linux and Android platforms, and is not readily detected by antivirus tools. Cyber criminals have distributed the malicious code via attachments to phishing emails. If the targeted user opens the attachment, the malware self-installs and attempts to communicate with its command-and-control server. The malware’s capabilities include:
- collecting keystrokes
- stealing cached passwords
- grabbing data from web forms
- taking screenshots
- recording video from a webcam
- recording sound from a microphone
- transferring files
- collecting general system and user information
- stealing keys for cryptocurrency wallets
- stealing VPN certificates
While it is used mainly by opportunistic attackers and distributed via massive spam campaigns, Adwind has also been used in targeted attacks. During their investigation, the Kaspersky Lab researchers were able to analyze nearly 200 examples of spear-phishing attacks organized by unknown cybercriminals to spread the Adwind malware. Targets of the attacks worked in more than a dozen different industries, ranging from manufacturing and engineering to finance, healthcare, energy, media and government.
What distinguishes Adwind RAT from other commercial malware is that it is distributed openly in the form of a service, in which the “customer” pays a fee for use of the malicious program. It works just like the Software-as-a-Service tools that you likely use in your business. Kaspersky Lab researchers estimate that there were around 1,800 users in the system by the end of 2015, making it one of the biggest malware platforms in existence today. The researchers believe that Adwind customers are scammers who want to use malware for more advanced fraud, unfair competitors, cyber-mercenaries, and private individuals who want to spy on people they know.
Unfortunately, Adwind is not the first or only Malware-as-a-Service application. Also known as Attacks-as-a-Service, Fraud-as-a-Service and Threat-as-a-Service, the model provides cybercriminals with all the benefits of cloud computing. The developers are responsible for maintaining the code and supporting infrastructure, and for providing regular updates to thwart improvements in antivirus software. The cost of development is spread among customers who pay a subscription or flat fee for ready-to-use cyberattack tools.
The FBI estimates that there are about 200 criminals who provide Malware-as-a-Service applications. In addition to malware, it’s possible to purchase Distributed Denial of Service (DDoS) attacks for as little as $25 per hour, and a botnet of 10,000 computers for $1,000. Of course, the damage caused by these attacks costs businesses much, much more.
Clearly, there’s much to be worried about when it comes to cybersecurity. It is absolutely critical to have up-to-date security tools in place and to teach your users to be vigilant. Atlantic-IT.net, your outsourced IT department, is here to help. Contact us for a confidential consultation.