Click anywhere to stop


Detect Date 04/10/2017
Class Backdoor
Platform Java

A cross-platform multifunctional backdoor written in Java that can run on Windows, macOS, Linux, and Android. First discovered in 2013, this backdoor is sold on the darknet under the malware as a service (MaaS) model. Also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket, or jRat. The backdoor is most often distributed by email in the form of JAR attachments. Attackers use this malware to collect and extract system data, as well as remotely control the infected device. Currently the malware can: take screenshots, record keystrokes, steal passwords and data stored in browsers and web forms, take photos and videos using a webcam, make audio recordings using the built-in microphone, collect general information about the user and system, steal keys for cryptocurrency wallets as well as VPN certificates, and hijack SMS messaging.

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Italy 7.20
2 Germany 6.95
3 United Arab Emirates 5.28
4 Spain 5.22
5 Russian Federation 4.12
6 India 3.65
7 USA 3.57
8 Turkey 3.39
9 Vietnam 3.39
10 Austria 2.46

* Percentage among all unique Kaspersky users worldwide attacked by this malware

Find out the statistics of the threats spreading in your region