OSX.Backdoor.Adwind

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

OSX.Backdoor.Adwind is Mlwarebytes’ detection name for a cross-platform remote access tool (RAT) that was written in Java.

Type of infection

OSX.Backdoor.Adwind was distributed by mail as a jar attachment. The backdoor is designed to perform a number of other backdoor activities, such as downloading and executing new malicious files, executing remote commands and sending data from the infected system to a server controlled by the hacker(s).

Malicious behavior

Users may notice their webcam is active while they are not using it. On examination they may also find a seemingly ranom named plist file in the user LaunchAgents folder.

Protection

Malwarebytes for Mac detects and removes OSX.Backdoor.Adwind.

Home remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Similiar detections

OSX.FrigidStealer OSX.Banshee OSX.Poseidon OSX.Pirrit OSX.AtomStealer OSX.Genieo OSX.MacStealer OSX.SmoothOperator OSX.MalProxy Ransom.OSX.EvilQuest View all OSX detections >

Products

Services

Why ThreatDown

Get Help

Managed Services Terms & Conditions

Detection Details