New Adwind RAT Variant Used Against the US Petroleum Sector
Security researchers with Netskope have uncovered a sophisticated malware campaign targeting firms in the US petroleum industry. Companies in the sector are receiving malicious phishing messages that trigger the download of a new variant of the Adwind Remote Access Trojan (RAT).
Adwind is also known as jRAT, AlienSpy, JSocket, and Sockrat. Its developers distribute it on the dark web through a malware-as-a-service (MaaS) platform. The standard Adwind version is only capable of evading certain basic anti-malware solutions. However, according to Abhinav Singh of Netskope, the newly detected variant is more sophisticated and uses “multi-layer obfuscation to try to evade detection.”