Quote:A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets. Adwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data – mainly login credentials – from victims’ machines. While Adwind has historically been platform-agnostic, researchers say they have discovered a new four-month-old version targeting specifically Windows applications – like Explorer and Outlook – as well as Chromium-based browsers.
 
The swap up in targeting “shows that attackers are closely keeping track of newly released applications that are gaining traction amongst end users and adapt their RAT functionality to steal information from these new applications,” Krishnan Subramanian, security researcher at Menlo Labs, told Threatpost.

The new variant is a JAR file (Java ARchive; a package file format typically used to aggregate many Java class files) that researchers say is typically delivered from a link in a phishing email or downloaded from a legitimate site serving up insecure third-party content.