Malware
AdWind
aka AlienSpy · JSocket · Frutas · UNRECOM · JBifrost · Sockrat
AdWind, also known as AlienSpy, JSocket, Frutas, UNRECOM, is a Java malware family.
Background
AdWind is a Malware-as-a-Service offering and serves as a catch-all label for this Java-based RAT. Its functionality includes gathering general system and user information, terminating processes, logging keystrokes, capturing screenshots and accessing the webcam, stealing cached passwords from local stores or web forms, downloading and running additional malware, modifying the registry, fetching extra components, launching denial-of-service attacks, and acquiring VPN certificates.
The malware typically arrives either as a JAR file attached to an email or via a malspam URL that downloads the payload. It establishes persistence through a Run key at HKCU\Software\Microsoft\Windows\CurrentVersion\Run and conceals itself using attrib.exe. AdWind is not known to be proxy aware.
Source: Malpedia (Fraunhofer FKIE).
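A defender's check for the Run-key persistence described above, as an added example that is not part of the Malpedia entry: it parses `reg query` output for the HKCU Run key and flags values that start a Java launcher or reference a JAR. The sample output, value names and paths are constructed, and the heuristic that the autorun command invokes java/javaw or a .jar path is an assumption, not something the entry states.

```python
import re

# Constructed sample of: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG_QUERY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    xQvbnTyu    REG_SZ    "C:\Users\alice\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\alice\kLmnOp\ID.jar"
    Updater    REG_EXPAND_SZ    %APPDATA%\updater\update.exe
'''

# reg.exe separates name, type and data with runs of four spaces.
VALUE_LINE = re.compile(r'^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$', re.M)
# java / javaw as an executable token, not a directory such as ...\Java\jre\...
JAVA_LAUNCHER = re.compile(r'(?:^|[\\"\s])javaw?(?:\.exe)?(?=["\s]|$)', re.I)
JAR_REFERENCE = re.compile(r'\.jar\b', re.I)
# Locations a standard user can write to (assumed triage signal, not from the entry).
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\|%(?:appdata|localappdata|temp|userprofile)%', re.I)


def parse_run_values(reg_output):
    """Return (name, type, data) for every value line in `reg query` output."""
    return [(m['name'], m['type'], m['data'].strip())
            for m in VALUE_LINE.finditer(reg_output)]


def flag_java_autoruns(reg_output):
    """Flag Run values that launch Java or point at a JAR file."""
    findings = []
    for name, _type, data in parse_run_values(reg_output):
        reasons = []
        if JAVA_LAUNCHER.search(data):
            reasons.append('java launcher')
        if JAR_REFERENCE.search(data):
            reasons.append('jar reference')
        if not reasons:
            continue  # not Java-related, leave it to other autorun checks
        if USER_WRITABLE.search(data):
            reasons.append('user-writable path')
        findings.append({'name': name, 'data': data, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in flag_java_autoruns(SAMPLE_REG_QUERY):
        print(finding['name'], finding['reasons'], finding['data'])
```

Files referenced by a flagged value can then be checked for the hidden attribute, since the entry notes the malware conceals itself with attrib.exe.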