A cross-platform remote access tool (RAT) attacking Windows, Linux and macOS operating systems. The malware is a Java file and can therefore be executed on different operating systems. Apparently, macOS support was added to the malware in 2016. On execution it creates a LaunchAgent so that it survives a system reboot. The malware is able to download and execute additional malicious files, execute remote commands, and collect and send data from the infected machine. In September 2018, a new Adwind campaign was discovered attacking macOS, Windows and Linux. It mostly targeted users in Turkey, as the document used in the campaign was written in Turkish. The payload in this campaign was Adwind RAT version 3.0.


Source: talosintelligence


Links:


Samples:
d8b426700c3c10413abb8acdcfeccaaec8f06cd9