Researchers say that it's actually a remote access Trojan

Oct 31, 2012 14:15 GMT

A couple of weeks ago, security researchers from Intego issued a report about a new Java backdoor Trojan called Jacksbot. At the time, the threat was considered low risk because no computers had been infected with it, but now, Trend Micro experts say that they’ve spotted it in the wild.

Since it’s a Java application, Jacksbot can target not only Windows systems, but also Mac, Linux and any other OS that supports the Java Runtime Environment.

So far, experts have found it on only two computers, one in Malaysia and one in Australia, but this clearly shows that the malware’s developers are done playing nice.

Considering that one of Jacksbot’s capabilities is to steal Minecraft passwords, it’s believed that this might also have something to do with the way it’s spread.

“There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command ‘MC’ for stealing Minecraft passwords from the compromised system,” Johanne Demetria, a threat response engineer at Trend Micro, explained.

Demetria claims that Jacksbot can be considered a remote access Trojan (RAT) because it’s capable of taking control of computers and allowing its master to execute various “backdoor commands.”

Although it can run on any platform that supports JRE, it appears that the backdoor mainly focuses on Windows. Experts say that the developers might be “testing the waters” for a multiplatform malware, but for the time being, judging by its code, it only works properly on Windows.

“Although there are only 2 infections right now, JACKSBOT and its kin may in fact be the next trend in the threat landscape considering the rapidly changing market. Additionally, it is likely that the authors will continue to improve the code to fully support infection for OS X and Linux,” Demetria noted.

In an update made to their initial post, Intego researchers have revealed that the RAT has likely been developed by a collective known as Redpois0n.