Adwind, a data-stealing trojan which can infect all sorts of operating systems, including Linux, has resurfaced. This time, however, this potent data security threat is targeting the global aerospace industry.
If the name doesn’t ring any bells, here are some of the alternative names this particular malware is known by:
The malware was first spotted in 2013. It can infect Windows, Android, Linux, and Mac OSX users. Any machine capable of running Java is a potential target, which makes it especially dangerous. It’s spread through various email spam campaigns, mostly targeting Austria, Ukraine, the US, and Switzerland.
To make matters worse, data-stealing is not the only thing this trojan is capable of. It can also create a backdoor, collect keystrokes, take screenshots, record sound and video, steal login credentials, and turn your machine into a Bitcoin mining station.
According to Trend Micro, there were 117,649 Adwind emails in June alone. It’s estimated that around 1,800 computers are infected, earning the malware’s authors at least $200,000 a year.
The malicious email has a forged sender address to make it look more credible, and claims to be from the ‘Mediterranean Yacht Broker Association Charter Committee’. If the target clicks on the malicious link the message contains, the URL will drop a program information file on the machine, giving the hackers full access to it.
Although this particular campaign is targeting the aerospace industry, since its release, Adwind has been used on a massive scale to target healthcare, education, government, and telecom organisations, as well as individuals.