Adwind, also referred to as AlienSpy and JSocket, is malware that can not only steal user credentials but also log keystrokes, take screenshots, and record audio and video to spy on its victims. Brought into circulation by several cybercrime groups, it gives perpetrators the ability to execute commands on victims' devices, log keystrokes, capture screenshots, take pictures, or transfer files. This leaves the victim's device open to a wide range of exploits and security breaches. Cisco claimed that it had previously been used to run cryptocurrency mining campaigns, in addition to being used in a separate attack that specifically targeted the aviation industry.
Adwind was recently spotted attempting to steal cryptographic keys, which are used in cryptocurrency wallets. The recent attacks are a testament to the fact that signature-based antivirus software can be easily bypassed. Adwind was first spotted by experts at ReversingLabs. Analysis by the experts at Cisco Talos found that a majority of the victims of the new campaign were located in Turkey.