{"id":6737,"date":"2012-10-12T11:33:51","date_gmt":"2012-10-12T18:33:51","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=6737"},"modified":"2016-02-12T10:32:21","modified_gmt":"2016-02-12T18:32:21","slug":"new-multiplatform-backdoor-jacksbot-discovered","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/","title":{"rendered":"New Multiplatform Backdoor Jacksbot Discovered"},"content":{"rendered":"<p><strong>Update &#8211; October 15, 2012<\/strong><\/p>\n<p>Upon further analysis, it&#8217;s been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer redpois0n.<\/p>\n<p>____<\/p>\n<p>A new Java backdoor trojan called Java\/Jacksbot.A has been discovered that has partial\u00a0multiplatform support. It is fully functional on Windows, and partially functional on OS X and Linux. This trojan is currently considered low risk as it is not known to have infected users, and it does not run without root permissions. Jacksbot has the usual backdoor functionality, including the following capabilities:<\/p>\n<ul>\n<li>gathering system information<\/li>\n<li>taking screenshots<\/li>\n<li>performing denial of service attacks<\/li>\n<li>deleting files<\/li>\n<li>stealing passwords (including specifically Minecraft passwords)<\/li>\n<li>visiting remote URLs, likely to perform Clickfraud<\/li>\n<\/ul>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/minecraft\/\" rel=\"attachment wp-att-6738\"><img loading=\"lazy\" class=\"size-full wp-image-6738 aligncenter\" style=\"border: 1px solid black;\" title=\"Minecraft\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/Minecraft.png\" alt=\"\" width=\"446\" height=\"131\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/Minecraft.png 446w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/Minecraft-150x44.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/Minecraft-300x88.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/Minecraft-100x29.png 100w\" sizes=\"(max-width: 446px) 100vw, 446px\" \/><\/a><br \/>\n<em>This code is looking for Minecraft passwords.<\/em><\/p>\n<p>It appears likely that this trojan is intended to be dropped by another component that has not yet been identified. The present component will exit with an error message if the Java archive is not run with root permissions. There is also no functionality to trick the user into running the file. We will post additional information about the threat as more is discovered.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/virusbarrier\">Intego VirusBarrier<\/a> users with up-to-date virus definitions are protected from this threat, which is detected as Java\/Jacksbot.A.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update &#8211; October 15, 2012 Upon further analysis, it&#8217;s been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer redpois0n. ____ A new Java backdoor trojan called Java\/Jacksbot.A has been discovered that has partial\u00a0multiplatform support. It is fully functional on Windows, and partially functional on OS X and Linux. This [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[30,2767,86],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Update - October 15, 2012 Upon further analysis, it&#039;s been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Multiplatform Backdoor Jacksbot Discovered - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Update - October 15, 2012 Upon further analysis, it&#039;s been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-12T18:33:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-02-12T18:32:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Malware Alert from Intego\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/\",\"name\":\"New Multiplatform Backdoor Jacksbot Discovered - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#primaryimage\"},\"datePublished\":\"2012-10-12T18:33:51+00:00\",\"dateModified\":\"2016-02-12T18:32:21+00:00\",\"description\":\"Update - October 15, 2012 Upon further analysis, it's been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Multiplatform Backdoor Jacksbot Discovered\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"New Multiplatform Backdoor Jacksbot Discovered\",\"datePublished\":\"2012-10-12T18:33:51+00:00\",\"dateModified\":\"2016-02-12T18:32:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#webpage\"},\"wordCount\":210,\"commentCount\":6,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"keywords\":[\"Backdoor\",\"Jacksbot\",\"Malware\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Update - October 15, 2012 Upon further analysis, it's been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/","og_locale":"en_US","og_type":"article","og_title":"New Multiplatform Backdoor Jacksbot Discovered - The Mac Security Blog","og_description":"Update - October 15, 2012 Upon further analysis, it's been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer","og_url":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-10-12T18:33:51+00:00","article_modified_time":"2016-02-12T18:32:21+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","width":"400","height":"260","caption":"Malware Alert from Intego"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/","name":"New Multiplatform Backdoor Jacksbot Discovered - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#primaryimage"},"datePublished":"2012-10-12T18:33:51+00:00","dateModified":"2016-02-12T18:32:21+00:00","description":"Update - October 15, 2012 Upon further analysis, it's been determined that this trojan is the Java RAT (aka jRAT) created by the hacker\/programmer","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"New Multiplatform Backdoor Jacksbot Discovered"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"New Multiplatform Backdoor Jacksbot Discovered","datePublished":"2012-10-12T18:33:51+00:00","dateModified":"2016-02-12T18:32:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#webpage"},"wordCount":210,"commentCount":6,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","keywords":["Backdoor","Jacksbot","Malware"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/new-multiplatform-backdoor-jacksbot-discovered\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-1KF","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/6737"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=6737"}],"version-history":[{"count":10,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/6737\/revisions"}],"predecessor-version":[{"id":6747,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/6737\/revisions\/6747"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8763"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=6737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=6737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=6737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}