Indian co-operative banks need to be extra careful as a new wave of the Adwind Java Remote Access Trojan (RAT) campaign is targeting their accounts using Covid-19 as bait. According to researchers at Seqrite – a specialist provider of cybersecurity products and services – the attackers can take over the victim’s device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large-scale cyberattacks and financial frauds.

How are RAT attacks pulled off?


The researchers explain that the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalized bank. This email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing JAR-based malware.

The JAR-based malware is a Remote Access Trojan that can run on any machine which has a Java runtime enabled, and hence it can impact a variety of endpoints, irrespective of their base Operating System. Once the RAT is installed, the attacker can take over the victim’s device, send commands from a remote machine, and spread laterally in the network.


The malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information.

What information can be sold?

These attacks can give hackers access to sensitive data at the co-operative banks and result in large-scale attacks and financial frauds. This data leak helps the attacker to plan the next phase of attack, including targeted attacks. Backdoors often lead to the theft of credentials for important financial infrastructure like SWIFT logins. This can lead to big financial losses for banks. We have previously seen incidents where banks had to face large financial losses due to such attacks.

How to stay safe?

Such campaigns need to be detected and blocked in a timely manner. The researchers recommend that users exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails. Banks should also keep their Operating Systems updated and have a full-fledged security solution installed on all their devices.
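As an added example (not code from the article or from Seqrite), the following Python script implements the kind of attachment check the advice above calls for and the delivery chain described earlier: it opens a zip attachment, descends into nested archives, and flags JAR content (a manifest, .class files or .jar entries) so that a zip-wrapped JAR can be quarantined at the mail gateway before a user opens it. The sample attachments are constructed inline, and the detection rules and file names are assumptions for illustration, not a published signature.

```python
"""Flag e-mail attachments that are zip archives carrying JAR content.

Added example for the zip-attachment -> JAR RAT delivery described in the
article; not Seqrite's or the article's code. Sample attachments are
constructed below; the heuristics are illustrative assumptions.
"""
import io
import zipfile
from typing import List

# Assumed markers: a JAR is itself a zip with a manifest and/or .class
# entries, and campaigns commonly wrap the JAR inside an outer zip.
JAR_MARKERS = ("META-INF/MANIFEST.MF",)
SUSPECT_SUFFIXES = (".jar", ".class")
MAX_DEPTH = 3                      # how many nested archives to descend into
MAX_ENTRY_BYTES = 50 * 1024 * 1024  # skip huge entries to limit zip-bomb cost


def _open_zip(data: bytes):
    """Return a ZipFile over the bytes, or None if they are not a zip."""
    try:
        return zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None


def find_jar_content(data: bytes, depth: int = 0) -> List[str]:
    """Return entry paths inside the archive that indicate JAR content.

    Nested zips are searched up to MAX_DEPTH so a JAR wrapped in a zip is
    still caught; hits from nested archives are prefixed 'outer!inner'.
    """
    findings: List[str] = []
    zf = _open_zip(data)
    if zf is None or depth > MAX_DEPTH:
        return findings
    for info in zf.infolist():
        name = info.filename
        if name in JAR_MARKERS or name.lower().endswith(SUSPECT_SUFFIXES):
            findings.append(name)
        if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
            continue
        inner = zf.read(name)
        if inner[:2] == b"PK":  # local-file-header magic: a nested archive
            for hit in find_jar_content(inner, depth + 1):
                findings.append(f"{name}!{hit}")
    return findings


def should_quarantine(attachment: bytes) -> bool:
    """Policy hook: quarantine any zip attachment that carries JAR content."""
    return bool(find_jar_content(attachment))


def build_malicious_sample() -> bytes:
    """Constructed sample: an outer zip wrapping a minimal JAR (assumed names)."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\nMain-Class: Loader\n")
        j.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Covid19_Guidelines.jar", jar.getvalue())
    return outer.getvalue()


def build_benign_sample() -> bytes:
    """Constructed sample: a zip holding only a plain PDF-like document."""
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.pdf", b"%PDF-1.4\n%constructed placeholder\n")
    return outer.getvalue()


if __name__ == "__main__":
    for label, blob in (("malicious", build_malicious_sample()),
                        ("benign", build_benign_sample())):
        print(label, should_quarantine(blob), find_jar_content(blob))
```

The check deliberately keys on archive structure rather than the attachment's declared extension or MIME type, since a JAR renamed or nested inside a zip still carries its manifest and class files; pairing it with blocking of Java execution from mail and download folders covers the case where the user extracts the archive anyway.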