Remote Access Trojan

Adwind

First seen: 2012 • Status: active

Currently Active Threat

Adwind is a spy-for-hire program that works on any computer with Java, sold like a subscription service to criminals who want to hack people.

Overview

Adwind is a Java-based RAT sold as malware-as-a-service (MaaS). Its cross-platform capabilities and subscription model make it accessible to cybercriminals with limited technical skills.

Also Known As

jRAT, JSocket, AlienSpy, Frutas, Sockrat

How It Spreads

  • Spam campaigns
  • Malicious JAR files
  • Fake invoices

What It Does

  • Cross-platform RAT
  • Keylogging
  • Screenshot capture
  • Webcam access
  • File theft
  • Cryptocurrency wallet theft

Target Platforms

Windows, macOS, Linux

Detection Tips

  • Monitor Java process activity
  • Check for suspicious JAR files
  • Analyze network traffic for Adwind patterns
  • Review cross-platform infection indicators

MITRE ATT&CK Techniques

T1566, T1059, T1056, T1113, T1005

If You're Infected

  1. Remove malicious Java applications
  2. Clean persistence mechanisms
  3. Update Java to latest version
  4. Consider disabling Java if not needed

Related Malware

njRAT, Remcos, NanoCore
