Introduction
The developer of the RAT-type Adwind malware is a Mexico-based Spanish hacker who started selling the Java-based remote access tool (RAT) called “Frutas”, the first member of the Adwind family, in early 2012. It was changed at least seven times in the following years and was released under the names Adwind, UnReCoM, Alien Spy, JSocket, JBifrost, UnknownRat and JConnectPro. Adwind RAT is a cross-platform, multi-functional malware program distributed through a single malware platform. One of the main features that distinguishes it from other commercial malware is that it is sold online: it is openly distributed as a paid service in which the “customer” pays a fee for the use of the malicious program. By the end of 2015, the system had approximately 1,800 users. This makes it one of the biggest malware platforms available today. Between 2013 and 2016, different versions of Adwind were used in attacks against at least 443,000 private users and commercial and non-commercial organizations around the world.