Phishing defense firm Cofense has observed a new phishing campaign targeting national grid utility infrastructure. The new campaign includes what appears to be a PDF attachment, but is actually a jpg file with an embedded malicious hyperlink directing users to a malicious webpage that downloads Adwind RAT (also known as jRAT, AlienSpy, JSocket, etc.). Adwind RAT evades most antivirus and antimalware detection and foils sandbox analysis. Adwind’s additional functionality includes harvesting credentials (from Chrome, Internet Explorer, and Edge), capturing screenshots, recording video and audio, transferring files, keylogging, stealing VPN certificates, etc. The phishing lure is a standard financial type subject with a simple body asking users to sign and return the remittance advice. Perch users subscribed to the WaterISAC Community will be able to detect this Adwind RAT campaign within their environments. Read the analysis at Cofense