Tuesday, May 6, 2025
HomeMalwareHackers Attacking Indian Banks via JAVA RAT To Hack Java Installed Windows,...

Hackers Attacking Indian Banks via JAVA RAT To Hack Java Installed Windows, Linux, and Mac

Published on

SIEM as a Service

Follow Us on Google News

Currently, the whole world is in lockdown due to the deadly COVID-19 pandemic, but, for the cybercriminals, this is the most luring opportunity. And as a result, recently, the cyber attackers have targeted all the co-operative banks in India.

Researchers uncovered a new campaign in which the attackers have used the renewed wave of the “Adwind Java RAT” to initiate the attacks against the co-operative banks in India.

Don’t know about the co-operative banks? The co-operative banks are small banks that are small in size, and they generally don’t have any large trained IT and cybersecurity team to handle such types of cyberattacks.

- Advertisement - Google News

Just like the other popular COVID-19 themed cyber-attacks, this Java RAT campaign also starts its operation with a spear-phishing email.

But, here, the difference is that the phishing emails that the attacker send to its victims, claims to be from the Reserve Bank of India or any other large banking institution in the country.

According to the Quick Heal report, all these phishing emails refers to the new RBI guidelines or any transaction with detailed information in an attached file, that contains the real surprise, in the form of a zip file.

Actually, inside that zip file, the attacker attaches a malicious JAR file as an attachment in the name of a detailed report.

In the above image, you can see the malicious zip file attached by the attacker in the name of the detailed report. Apart from this to deceive the victims, the attacker uses the popular file extensions like xlsx, pdf, and much more.

Infection Vector

The malicious JAR file, which is sent to the victims by the attackers is a remote admin trojan, that’s why the attackers can easily run them on any windows, Linux, and Mac PCs with Java installed.

The malicious payload endures itself by altering the registry key, and then the payload drops a JAR file in %appdata% location; all these happen automatically once the user manually opens the attachment sent by the attacker.

To bypass the detection from antivirus products, this malicious JAR file contains multiple layers of encryption and complex coding.

Once the malicious JAR file executed in the victim’s system, it automatically transforms into a Remote admin tool (JRAT) that allows the attackers to perform several types of malicious activities of the following:-

  • This backdoor can create or delete its persistence by sending commands.
  • Adwind RAT is capable of controlling the victim’s desktop remotely
  •  The attacker used robot class to control mouse, keyboard by sending commands from a remote machine and take a screenshot
  • Backdoors often lead to stealing of credentials for important financial infrastructure
  • Cyberattacks on banks can lead to stealing of all customer data and important financial infrastructure details. .

Here Are Some Attachment Names Used in the Java RAT Campaign:-

Email Subjects:

  • Urgent – COVID measures monitoring template
  • Query Reports for RBI INSPECTION
  • Moratorium
  • FMR returns
  • Assessment Advice-MH-603
  • [874890897] – MIS for NEFT/RTGS, 06-04-2020 [1]
  • Deal confr.
  • DI form

Attachment Names:

  • Covid_19_measures_Monitoring_Template-Final_xlsx.zip
  • NSBL-AccListOnTheBasisOfKYCData_0600402020_pdf.zip
  • Gazette notification&RBI_Directives_file-00000120_pdf.zip
  • Fmr-2_n_fmr_3_file_000002-pdf.zip
  • MON01803_DIC_pdf.zip
  • FIXEDCOMPNULL_xls.zip
  • SHRIGOVARDHANSING0023JI001_pdf.zip
  • DI_form_HY_file_00002_pdf .zip

These malicious campaigns could have their direct impact on the banks and their customers; as a result, the cyber actors could easily steal customers’ data and important financial infrastructure details of the banks.

Moreover, the security firm, Quick Heal strongly recommended the users to take necessary security measures and avoid opening the attachments attached in the emails from unknown sources.

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Also Read:

Adwind RAT Malware Attacks on US Petroleum Industry to Steal Sensitive Data

Malware-as-a-service – Adwind Malware Attack Utilities Industry Via Weaponized PDF File

New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software

Beware !! Dangerous RAT’s Called “Adwind, Remcos, Netwire” Delivering via A360 Cloud Drive

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

LUMMAC.V2 Stealer Uses ClickFix Technique to Deceive Users into Executing Malicious Commands

The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a...

Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses

X Business, a small e-commerce store dealing in handmade home décor, became the latest...