A campaign of fraudulent email messages is delivering the jRat malware, which is also known as Adwind, Jackbot and several other names. The rogue messages claim to originate from Her Majesty’s Revenue & Customs (HMRC) and purport to include value added tax (VAT) return papers.
The jRat service (more commonly referred to as Adwind) is considered to be the biggest malware platform around. One of its strongest advantages is that it can be operated on a number of different operating systems: Windows, macOS, Linux and Android.
It can carry out spying and monitoring activities. For instance, it can collect keystrokes, steal cached passwords and grab data from web forms, take screenshots, take pictures and record video from a webcam, transfer files, steal VPN certificates, manage SMS messages and perform other intrusive surveillance.
Trustwave researchers have reported that people in Britain are being targeted by fraudulent messages titled “VAT Return Query”. The attackers have chosen a rather unusual method of delivering the malware in this case: spam campaigns usually distribute the malicious payload or its downloader directly.
In this case, the email attempts to trick recipients with an embedded image of a PDF file. The body of the message suggests that the submitted VAT return query contains mistakes and that the user should click on the file to download the form and correct it. However, there is no PDF attachment to download.
If users click on the supposed “PDF file”, they are instead redirected to a malicious executable packed in a ZIP archive and served via Microsoft OneDrive. Unzipping the archive leads to Adwind (jRat) being installed on the operating system. Therefore, do not be eager to download files from senders you have never interacted with, and keep this recommendation in mind every time you check your email.
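The lure described above has a recognisable structure: an HTML message whose only "attachment" is an image of a PDF icon, wrapped in a link to a file-sharing host, while the text talks about a PDF that is not actually attached. The following script is an added example (not code from the original article or from Trustwave) showing how a mail gateway or triage tool could flag that pattern. The `FILE_SHARE_HOSTS` list, the risky extension list, the `hmrc-example.invalid` sender and the OneDrive download URL in the sample are all constructed assumptions for the demonstration, not indicators taken from the campaign.

```python
"""Flag e-mails whose clickable 'PDF' is really an image linking to a file-share download."""
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of file-sharing hosts frequently used to stage downloads; extend for your environment.
FILE_SHARE_HOSTS = {"onedrive.live.com", "1drv.ms"}
# Extensions that should never be reached through a "PDF" link.
RISKY_EXTENSIONS = (".zip", ".rar", ".7z", ".exe", ".jar", ".js", ".vbs")
# Subject line reported for this campaign.
LURE_SUBJECTS = ("vat return query",)


class ImageLinkParser(HTMLParser):
    """Collects the href of every <a> element that wraps an <img> (an image used as a button)."""

    def __init__(self):
        super().__init__()
        self._current_href = None
        self.image_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._current_href = attrs.get("href")
        elif tag == "img" and self._current_href:
            self.image_links.append(self._current_href)

    def handle_endtag(self, tag):
        if tag == "a":
            self._current_href = None


def analyze_message(raw: bytes) -> dict:
    """Return the subject, a list of findings and a boolean verdict for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    html_part = msg.get_body(preferencelist=("html",))
    html = html_part.get_content() if html_part is not None else ""
    parser = ImageLinkParser()
    parser.feed(html)

    attachment_names = [part.get_filename() or "" for part in msg.iter_attachments()]
    has_pdf_attachment = any(name.lower().endswith(".pdf") for name in attachment_names)
    mentions_pdf = "pdf" in html.lower()

    subject = msg["subject"] or ""
    if subject.strip().lower() in LURE_SUBJECTS:
        findings.append(f"subject matches known lure: {subject!r}")

    for href in parser.image_links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if host in FILE_SHARE_HOSTS:
            findings.append(f"image-wrapped link points to file-sharing host {host}")
        if url.path.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"image-wrapped link targets an archive or executable: {url.path}")

    # The core of the lure: the text promises a PDF, none is attached, and the reader is given
    # a clickable image instead of a real attachment.
    if parser.image_links and mentions_pdf and not has_pdf_attachment:
        findings.append("body refers to a PDF but no PDF is attached; a clickable image stands in for it")

    return {"subject": subject, "findings": findings, "suspicious": bool(findings)}


def build_constructed_lure() -> bytes:
    """Constructed sample resembling the reported lure (all addresses and IDs are made up)."""
    msg = EmailMessage()
    msg["Subject"] = "VAT Return Query"
    msg["From"] = "no-reply@hmrc-example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Your VAT return contains errors. Please download the corrected form.")
    msg.add_alternative(
        "<p>Your VAT return contains errors. Click the PDF below to download the corrected form.</p>"
        '<a href="https://onedrive.live.com/download?resid=CONSTRUCTED-ID">'
        '<img src="cid:pdficon" alt="VAT_Return.pdf"></a>',
        subtype="html",
    )
    return msg.as_bytes()


def build_constructed_benign() -> bytes:
    """Constructed sample of a legitimate message with a real PDF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Your VAT return"
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please find the VAT return attached as a PDF.")
    msg.add_alternative("<p>Please find the VAT return attached as a PDF.</p>", subtype="html")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="VAT_Return.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for sample in (build_constructed_lure(), build_constructed_benign()):
        print(analyze_message(sample))
```

The check deliberately keys on structure rather than on a specific URL, so it still fires when the hosting location changes; the host list and subject list are the parts you would tune to your own telemetry.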
This infection is highly popular among hackers because it can be purchased for a relatively small price: 29 dollars. After looking at the features of Adwind, you should realize that keeping it on an operating system means that your every move will be recorded, and maybe even live-streamed to the attackers.