New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software

RAT

New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software

New Adwind 3.0 RAT (Remote access Trojan) Evolving with new sophisticated capabilities, unlike old version it mainly attacks desktop version of  Linux, Windows and Mac OSX using DDE code injection technique.

Attackers are using weaponized Microsoft Office documents to compromise the targeted victims and also new capabilities that able to avoid detection by anti-virus software.

This attack mainly targeting Turkey and Germany via malicious spam email campaign which is started on Aug. 26, 2018, peaking on Aug. 28.

Previous version Adwind Widely spreading via A360 Cloud Drive Platform Abuse for Delivering Remote Access Trojans and used as a Malware Distributing Platform by using a File-sharing site to host Malware.

Another scenario Cross-platform Remote Access Trojan “Adwind” Steal Credentials, Record and Harvest keystrokes the Aerospace Industries Data.

Adwind 3.0 RAT can able to, log keystroke, take screenshots, take pictures or transfer files execute any kind of commands on its victims.

 

RAT

 

Adwind 3.0 RAT Code Injection Technique Scenario

 

An initial stage of attack starts with the malicious spam emails with the body content written in the Turkish language along with an attachment of either CSV file or.XLT file.

Both campaign opened by Microsoft Excel by default and both files are capable of performing DDE code injection attack.

In this case, malicious dropper has the various malicious format in below list and note that all the extension will be opened by default in Microsoft Excel Document but non-default extensions, a script starting Excel with a file with one of these extensions as a parameter is still a viable attack scenario.

Once the victims will open the Excel file then it will display warnings to the user regarding the execution of code and it warned the user executing the different file format and the file will probably be corrupted if you’re open the file.

Another warning will displays that the document will execute the application “CMD.exe.” and once the user accepts the warnings, the system will open the calculator application.

The main purpose of the code injection technique used by attackers to create and execute a VBScript in specific content.

 

malicious

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Data Analysis

Internet Of Things Training Hyderabad

Internet Of Things Training in Bhubaneswar

Internet Of Things Training in Bangalore

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Web Penetration Testing Company in Bangalore

Network Penetration Testing – NPT

Network Penetration Testing Service in Bangalore

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 


Show Buttons
Hide Buttons