A notorious form of Trojan malware capable of infecting machines running Windows, Mac OSX, Linux and Android and more has resurfaced and this time it's targeting the global aerospace industry.

The US, Switzerland, Austria, Ukraine are the countries being most targeted by email spam campaigns attempting to deliver the Adwind remote access trojan - also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat. Adwind first appeared in 2013 and has been active ever since. The malware is capable of creating backdoors and conducting full-scale espionage against targets.

At the Security Analyst Summit 2016 our Global Research and Analysis Team has published extensive research on the Adwind Remote Access Tool. It has been developed for several years and distributed through a single malware-as-a-service platform, which means that anyone can pay small dollars for the service and use the malicious tool to their advantage.

GReAT researchers discovered this malware platform during the attempted targeted attack against a bank in Singapore. The malware came in form of a malicious Java-file attached to a spear-phishing email, which was received by a targeted employee at the bank.