The criminal group behind the Adwind RAT, one of the most actively deployed remote access trojans, has rebranded its product once again, this time returning to the malware market with the name of JBifrost.
This particular malware appeared in January 2012, under the name of Frutas RAT, and the following year, in January 2013, it rebranded as the Adwind RAT, a moniker that would stick with all security vendors.
The JBiFrost RAT is Java-based, cross-platform and multifunctional. It poses a threat to several different operating systems, including Windows, Linux, Mac OS X, and Android. Based on past records, it exfiltrated intellectual property. JBiFrost allows actors to pivot and move laterally across a network or install additional malicious software.
As malware campaigns and the RAT's activity were exposed across the years, the crooks changed the malware's name time and time again. Adwind rebranded as the Unrecom RAT in February 2014, as AlienSpy in October 2014, and as JSocket RAT in June 2015.
JSocket shuts down, and JBifrost appears three months later
Soon after Kaspersky published a scorching in-depth report in February 2016, the latest incarnation of this RAT, known as JSocket, shut down.
According to researchers from security vendor Fortinet, the people behind Adwind have gone through the old motions of rebranding their product once again, which, three months later, reappeared on the market on May 15, 2016, as the JBifrost RAT.
Fortinet researchers are 100 percent positive this is a rebranded Adwind RAT, with a new GUI, and only a small set of new features when compared with its previous reincarnation, JSocket.
Adwind (JBifrost) website is now a closed community
The JBifrost website is no longer open to everyone. Unlike previous instances, where anyone could buy the RAT, users now need an invitation code to register on the JBifrost website and purchase the RAT.
Crooks are selling JBifrost as a monthly subscription, $45 for the first month and $40 for a subscription renewal.
Another big change in how the crooks operate is in how they collect their money. Previously, they accepted payments via PerfectMoney, CoinPayments, Advcash, EntroMoney, and Bitcoin.
This time around, they only take Bitcoin, most likely because the other payment methods are not anonymous and may lead law enforcement back to the crooks.
Taking into account Kaspersky's long-standing cooperation with law enforcement agencies around the world, the Adwind gang seems to be legitimately scared and has taken precautions to hide its operations like never before.
JBifrost comes with minimal changes compared to Adwind
As for the JBifrost changes compared to JSocket, Fortinet said it detected only minor changes that include a new column that shows an infected victim's keyboard status (in use or not), and a new column that shows the title of the victim's current window.
There is also a new tab called Misc that allows users to configure additional JBifrost servers, as well as a new feature that lets attackers grab data from web forms displayed inside the Google Chrome browser.
At the time of its analysis, Fortinet said the JBifrost malware had been downloaded from the homepage 1,566 times and had been detected in live malware distribution campaigns.
'Based on our findings, it is clear that Adwind perpetrators intend to stay in business by simply rebranding their RAT whenever they appear in the news. They do so by migrating their current subscribers’ accounts to a new website,' Fortinet's Rommel Joven and Roland Dela Paz note. 'As of this writing, we can confirm that JBifrost RAT is currently being utilized in active attacks, including attacks related to business email compromise (BEC) schemes.'