Security researchers discovered a re-emergence of the Adwind RAT in spam emails containing the spyware as part of a campaign targeting Denmark-based companies this weekend. The malicious emails, targeting English-language speakers, were undetectable by anti-virus scans, according to Romanian firm Heimdal Security.
“Adwind is an especially insidious threat because it's cross-platform and can perform this wide range of functions,” wrote Heimdal Security's Andra Zaharia on a company blog post Monday. “Successful Adwind infections give online criminals a backdoor into PCs running Windows, OS X, Linux and even Android.”
The RAT re-emerged in February as a cross-platform backdoor after the malware appeared to have been taken down last year. The Java-based RAT, also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket, jRat and KilerRat, infected nearly 400,000 victims worldwide.
Adwind's predecessor AlienSpy was discovered on the cell phone of Alberto Nisman, the Argentinian prosecutor who was found dead days after accusing Argentina's president of attempting to cover up a deal to protect Iranian officials from charges that they were involved in the bombing of a community center in 1994.