February 22, 2018

Fake SWIFT Service Emails Deliver Adwind Remote Access Trojan

An email phishing campaign has attempted to infect unsuspecting victims with the Adwind cross-platform remote access trojan (RAT), disguised as an important document from the SWIFT financial messaging system.

Security researchers from Comodo Group’s Threat Research Lab have discovered a campaign with targeted spam messages alerting recipients to a bank transfer made to their designated bank accounts, advising them to review an attached document to avoid discrepancies. Of course, the purported .pdf file is actually a remote access trojan called Adwind.

Researchers suspect that this particular variant was used to spy on victims and carry out reconnaissance, with additional malware then downloaded based on the information the attackers gathered about the environment.

Malicious emails purporting to originate from SWIFT are particularly effective because messages promising money incite an emotional response that overrides critical thinking, which makes it more likely that the victim will open the attachment.

“When it comes to an enterprise’s financial accounts, the emotions rise even more,” researchers wrote. “If an employee receives an email, they will be afraid to not open it. What if they pass up something very important for the enterprise? Could they be punished for not looking into that email? Consequently, the chances that a potential victim will click on the infected file grow.”

Much of the attack stemmed from IPs based in the Netherlands, Cyprus and Turkey. The attack lasted nearly 9 hours on February 9.

Fatih Orhan, head of Comodo Threat Research Lab, said:

“As we see, cybercriminals more and more often use finance-related topics as a bait to make users download malware and infect an enterprise’s network. They combine technical and human patterns as an explosive combination for breaking down the door to let the malware in. But it only works if the company has been careless about the right defense of that door.”

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
