Seqrite, a specialist provider of cybersecurity products and services, has detected a new wave of Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks using Covid-19 as a bait.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim’s device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

Seqrite maintained that it is successfully detecting and blocking any such attempts using its patented Signatureless and Signature-based detection technology.

According to the researchers at Seqrite, the Java RAT campaign starts with a spear-phishing email that claims to have originated from either Reserve Bank of India or a nationalized bank. The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite noted that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled, and hence it can impact a variety of endpoints, irrespective of their base Operating System.

Once the RAT is installed, the attacker can take over the victim’s device, send commands from a remote machine, and spread laterally in the network. In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information.

Quick Heal Technologies stated that such attack campaigns can effectively jeopardize the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

Here are the different ways in which attackers can affect the banks:-

Steal Sensitive Data

Cyberattacks on banks can lead to the stealing of all customer data and important financial infrastructure details. This data leak helps the attacker to plan the next phase of attack including targeted attacks.

Financial Frauds

Backdoors often lead to the stealing of credentials for important financial infrastructure like SWIFT logins. This can lead to big financial losses to banks. We have previously seen incidences where banks had to face large financial losses due to such attacks.

Larger Attacks

During the last few years, there have been a few drawn-out and long duration cyberattacks on banks resulting in huge financial impact. Such attacks usually start with an initial infection that gives cybercriminals access to resources within the network and spread laterally to the rest of the network until the attacker gains access to sensitive/confidential information. The possibility of this Java RAT based being one such starting point should not be discounted.

Seqrite recommended users to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

comment COMMENT NOW