Adwind, a well-known multifunctional malware program that made headlines in late 2017, has resurfaced. A report by McAfee Labs indicates that the remote access tool (RAT) is now delivered by another malware family, Houdini, to infect systems. The new variant also carries several payloads for deployment.
What can the malware do?
Adwind has a broad set of malicious capabilities: logging keystrokes, stealing passwords and data entered into web forms, capturing screenshots and webcam video, and exfiltrating files to a remote server.
Adwind has also evolved to steal cryptocurrency wallets and VPN certificates.
In 2017, most Adwind spam campaigns evaded detection by antivirus and similar products. This was because the malicious payload was packaged as multiple nested JAR files whose code used complex, layered function calls, which hampered both signature matching and manual analysis.
In earlier campaigns, Adwind dropped components under other file extensions such as .dll, .bin, and .so. It is estimated that more than a million emails were sent to victims in 2017.
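The two points above, nested JAR packaging and components hidden under non-JAR extensions such as .bin, suggest a simple triage check: walk a JAR (which is just a ZIP archive) and flag any entry that is itself a ZIP archive, judged by its magic bytes rather than its file name. The following is an added example written for this page, not code from McAfee Labs or from any Adwind sample; the nested archive it scans is constructed in memory for demonstration, and the `build_nested_jar`, `scan_jar` and `is_suspicious` names and the depth threshold are this example's own choices.

```python
"""Triage helper: find archives nested inside a JAR, regardless of extension.

Added example for this page. The sample JAR is constructed here; it is not
an Adwind sample and carries no real bytecode.
"""
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"          # local file header of a ZIP/JAR entry
CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # Java class file magic


def build_nested_jar(depth: int) -> bytes:
    """Construct a JAR that wraps another JAR `depth` times (constructed test data).

    Every other layer stores the inner archive under a .bin name instead of
    .jar, mimicking the non-JAR extensions mentioned in the article, so the
    scanner must rely on content, not on names.
    """
    fake_class = CLASS_MAGIC + b"\x00" * 12  # constructed placeholder, not real bytecode
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: a.b\n")
        zf.writestr("a/b.class", fake_class)
    data = buf.getvalue()
    for i in range(depth):
        name = f"resources/stage{i}.jar" if i % 2 == 0 else f"resources/stage{i}.bin"
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: loader.Main\n")
            zf.writestr("loader/Main.class", fake_class)
            zf.writestr(name, data)  # the previous layer becomes an opaque resource
        data = outer.getvalue()
    return data


def is_zip(data: bytes) -> bool:
    """Identify an archive by its magic bytes, not by its file extension."""
    return data[:4] == ZIP_MAGIC


def scan_jar(data: bytes, path: str = "<root>", depth: int = 0, max_depth: int = 8) -> dict:
    """Recursively walk a JAR and summarise what it contains.

    Returns the deepest nesting level seen, the paths of embedded archives,
    the number of class files across all layers, and every Main-Class
    declared in any manifest. Recursion stops at max_depth so a malicious
    archive cannot drive the scanner into unbounded work.
    """
    summary = {"max_depth": depth, "embedded": [], "classes": 0, "main_classes": []}
    if depth > max_depth:
        return summary
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)
            if info.filename.endswith(".class"):
                summary["classes"] += 1
            elif info.filename == "META-INF/MANIFEST.MF":
                for line in content.decode("utf-8", "replace").splitlines():
                    if line.startswith("Main-Class:"):
                        summary["main_classes"].append(line.split(":", 1)[1].strip())
            if is_zip(content):
                child_path = f"{path}/{info.filename}"
                summary["embedded"].append(child_path)
                child = scan_jar(content, child_path, depth + 1, max_depth)
                summary["max_depth"] = max(summary["max_depth"], child["max_depth"])
                summary["embedded"].extend(child["embedded"])
                summary["classes"] += child["classes"]
                summary["main_classes"].extend(child["main_classes"])
    return summary


def is_suspicious(summary: dict, depth_threshold: int = 1) -> bool:
    """Heuristic (this example's choice): a JAR that carries another archive deserves a closer look."""
    return summary["max_depth"] >= depth_threshold


if __name__ == "__main__":
    report = scan_jar(build_nested_jar(2))
    print("nesting depth:", report["max_depth"])
    print("embedded archives:", report["embedded"])
    print("class files:", report["classes"], "main classes:", report["main_classes"])
    print("suspicious:", is_suspicious(report))
```

A benign JAR usually contains no archives at all, so a nesting depth of one is already a useful signal; the embedded-archive paths and the list of Main-Class entries give an analyst the next layer to unpack without trusting any file extension.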