Trojans found attacking Indian Co-operative banks using Covid-19 spear-phishing: Report

Prashasti Awasthi Mumbai | Updated on May 19, 2020 Published on May 19, 2020

Seqrite, a specialist provider of cybersecurity products and services, has detected a new wave of an Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks using Covid-19 as bait.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim’s device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large-scale cyberattacks and financial frauds.

Seqrite maintained that it is successfully detecting and blocking any such attempts using its patented Signatureless and Signature-based detection technology.

According to the researchers at Seqrite, the Java RAT campaign starts with a spear-phishing email that claims to have originated from either the Reserve Bank of India or a nationalized bank. The content of the email refers to Covid-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing JAR-based malware.

Upon further investigation, researchers at Seqrite noted that the JAR-based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled, and hence it can impact a variety of endpoints, irrespective of their base operating system.
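The delivery chain described above (a zip attachment carrying a JAR) can be checked for at a mail gateway or during triage. The following is an added example, not code from Seqrite or from this report: it lists JAR entries inside a zip attachment, matched either by file name or by structure (a nested zip whose manifest declares a Main-Class). The sample archives, file names and the depth and size limits are constructed assumptions.

```python
import io
import zipfile

def make_zip(entries):
    """Build an in-memory zip from {name: bytes} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def is_runnable_jar(data):
    """True if data is a zip whose META-INF/MANIFEST.MF declares a Main-Class."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.upper() == "META-INF/MANIFEST.MF" and not info.flag_bits & 0x1:
                text = zf.read(info).decode("utf-8", "replace")
                return any(l.lower().startswith("main-class:") for l in text.splitlines())
    return False

def find_jars(data, prefix="", depth=0, max_depth=3, max_size=20 * 1024 * 1024):
    """List JAR entries in a zip attachment, matched by name or by structure."""
    hits = []
    if depth > max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.filename.lower().endswith(".jar"):
                hits.append(path)          # named as a JAR
                continue
            if info.is_dir() or info.flag_bits & 0x1 or info.file_size > max_size:
                continue                   # directory, encrypted or oversized: not opened
            body = zf.read(info)
            if is_runnable_jar(body):
                hits.append(path)          # JAR hidden behind another extension
            else:
                hits.extend(find_jars(body, path + "!", depth + 1, max_depth, max_size))
    return hits

# Constructed samples: a minimal inert "JAR" and three attachments wrapping it.
SAMPLE_JAR = make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\nMain-Class: Sample\r\n"})
NAMED = make_zip({"guidelines.jar": SAMPLE_JAR})
RENAMED = make_zip({"guidelines.pdf": SAMPLE_JAR, "readme.txt": b"hello"})
NESTED = make_zip({"inner.zip": make_zip({"docs/notice.jar": SAMPLE_JAR})})
BENIGN = make_zip({"readme.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in [("named", NAMED), ("renamed", RENAMED), ("nested", NESTED), ("benign", BENIGN)]:
        print(label, find_jars(blob))
```

Encrypted and oversized entries are skipped rather than opened, so a production filter would treat those as a separate quarantine condition.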

Once the RAT is installed, the attacker can take over the victim’s device, send commands from a remote machine, and spread laterally in the network. In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information.

Quick Heal Technologies stated that such attack campaigns can effectively jeopardize the privacy and security of sensitive data at the co-operative banks and result in large-scale attacks and financial frauds.

Here are the different ways in which attackers can affect the banks:

Steal Sensitive Data

Cyberattacks on banks can lead to the stealing of all customer data and important financial infrastructure details. This data leak helps the attacker to plan the next phase of attack including targeted attacks.

Financial Frauds

Backdoors often lead to the stealing of credentials for important financial infrastructure like SWIFT logins. This can lead to big financial losses to banks. We have previously seen incidents where banks had to face large financial losses due to such attacks.

Larger Attacks

During the last few years, there have been a few drawn-out and long-duration cyberattacks on banks resulting in huge financial impact. Such attacks usually start with an initial infection that gives cybercriminals access to resources within the network and spread laterally to the rest of the network until the attacker gains access to sensitive/confidential information. The possibility of this Java-based RAT being one such starting point should not be discounted.

Seqrite recommended that users exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.
