A cross-platform multifunctional backdoor written in Java that can run on Windows, macOS, Linux, and Android. First discovered in 2013, this backdoor is sold on the darknet under the malware as a service (MaaS) model. Also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket, or jRat. The backdoor is most often distributed by email in the form of JAR attachments. Attackers use this malware to collect and extract system data, as well as remotely control the infected device. Currently the malware can: take screenshots, record keystrokes, steal passwords and data stored in browsers and web forms, take photos and videos using a webcam, make audio recordings using the built-in microphone, collect general information about the user and system, steal keys for cryptocurrency wallets as well as VPN certificates, and hijack SMS messaging.
Geographical distribution of attacks by the Backdoor.Java.Adwind family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky Lab users worldwide attacked by this malware