Adwind malware mastermind earns at least 200 thousand dollars each year

The Adwind malware uses JAVA to run on the device, this means that the malware can target Mac OSX, Linux and Windows – but what makes it interesting is the research of Kaspersky on the Adwind malware.

Adwind Kaspersky attack map

Kaspersky noticed that the Adwind malware was being sold on underground forums for prices ranging from 25 dollar to 300 dollar. The researchers explain that the malware is also known by other names.

The following names are a synonym for the Adwind Remote Access Tool (RAT):

  • AlienSpy
  • Frutas
  • Unrecom
  • Sockrat
  • JSocket
  • jRAT

Kaspersky explains that the first time they saw the malware was when they were doing a job for a bank in Singapore.

Our GReAT researchers discovered this malware platform during the attempted targeted attack against a bank in Singapore.

They also noticed that the malware was deployed at the bank via mail

The malware came in form of a malicious Java-file attached to a spear-phishing email, which was received by a targeted employee at the bank. Basically, it was a typical example of how this malware can be distributed.

The report states that the mastermind behind the Adwind malware could be one person, Kaspersky estimated that the Adwind mastermind is able to generate an online revenue of 200000 dollar each year by selling his Adwind RAT.

Of course, this person might also pass some tasks to the shoulders of outsourcers, but all the efforts seem to be covered by a good revenue: as far as we calculated, the whole service might bring $200,000 per year.

Kaspersky also stated that the criminals which use the RAT mainly focused on private individuals and small and medium businesses from a number of industries.