Windows 7: Jacksbot Java malware can take control of Windows, Mac, and Linux

Two weeks ago, Mac security software company Intego discovered malware which it classified as “a new Java backdoor trojan called Java/Jacksbot.A.” New threats are discovered all the time, but Intego later concluded that even though Jacksbot is a variant of the Java remote access tool (RAT) created by the jailbreaking group Redpois0n, it can target multiple platforms.

A new Java backdoor trojan called Java/Jacksbot.A has been discovered that has partial multiplatform support. It is fully functional on Windows, and partially functional on OS X and Linux. This trojan is currently considered low risk as it is not known to have infected users, and it does not run without root permissions. Jacksbot has the usual backdoor functionality, including the following capabilities:
gathering system information
taking screenshots
performing denial of service attacks
deleting files
stealing passwords (including specifically Minecraft passwords)
visiting remote URLs, likely to perform Clickfraud

Contrary to initial reports, JACKSBOT may not be as low risk as initially thought. We noted some JACKSBOT infection in the wild, indicating that the people behind this multiplatform malware are saving their best tricks for last.

We analyzed the JACKSBOT backdoor family (specific detection name JAVA_JACKSBOT.A) that arrives as a Java application. Because it is a Java application, it can run on any platform that supports the Java Runtime Environment. When it was first reported, it was considered low risk and no actual infection was recorded. However, days after the report was released, Trend Micro successfully cleaned two infection counts; one in Australia and one in Malaysia. This indicates that the malware is now being distributed in the wild.

There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command “MC” for stealing Minecraft passwords from the compromised system.