Backdoor.Java.Adwind

Publication Date 04/10/2017
Class Backdoor
Platform Java
Description

A cross-platform multifunctional backdoor written in Java that can run on Windows, macOS, Linux, and Android. First discovered in 2013, this backdoor is sold on the darknet under the malware as a service (MaaS) model. Also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket, or jRat. The backdoor is most often distributed by email in the form of JAR attachments. Attackers use this malware to collect and extract system data, as well as remotely control the infected device. Currently the malware can: take screenshots, record keystrokes, steal passwords and data stored in browsers and web forms, take photos and videos using a webcam, make audio recordings using the built-in microphone, collect general information about the user and system, steal keys for cryptocurrency wallets as well as VPN certificates, and hijack SMS messaging.

Geographical distribution of attacks by the Backdoor.Java.Adwind family


Geographical distribution of attacks during the period from 10 April 2016 to 10 April 2017

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Italy 7.20
2 Germany 6.95
3 United Arab Emirates 5.28
4 Spain 5.22
5 Russian Federation 4.12
6 India 3.65
7 USA 3.57
8 Turkey 3.39
9 Vietnam 3.39
10 Austria 2.46

* Percentage among all unique Kaspersky Lab users worldwide attacked by this malware