Adwind

Adwind, a trojan also known as jRAT, AlienSpy, JSocket, and Sockrat, is targeting the utilities sector via malspam that uses URL redirection to deliver malicious payloads. The email contains an embedded image that is camouflaged as a PDF attachment and carries a malicious URL. Adwind can record video and sound, snap photos using the infected machine's webcam, mine for cryptocurrency, and harvest cryptocurrency wallet information. It is distributed to threat actors as malware-as-a-service (MaaS) and can evade detection by most anti-malware solutions.

Technical Details

  • Bleeping Computer provides technical analysis on the Adwind trojan, available here.