detection icon

Short bio

OSX.Backdoor.Adwind is Mlwarebytes’ detection name for a cross-platform remote access tool (RAT) that was written in Java.


Users may notice their webcam is active while they are not using it. On examination they may also find a seemingly ranom named plist file in the user LaunchAgents folder.

Type and source of infection

OSX.Backdoor.Adwind was distributed by mail as a jar attachment. The backdoor is designed to perform a number of other backdoor activities, such as downloading and executing new malicious files, executing remote commands and sending data from the infected system to a server controlled by the hacker(s).


Malwarebytes for Mac detects and removes OSX.Backdoor.Adwind.


Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.