Cross-platform malware Jacksbot found in the wild
Published November 1st, 2012 at 7:19 AM EDT , modified November 1st, 2012 at 9:47 PM EDT
It has been fairly quiet in the Mac malware world lately, but there is one minor annoyance that has finally surfaced. A couple weeks ago, Intego announced discovery of a new cross-platform remote access tool, which they called Jacksbot. At the time, although they called it a trojan, they had never seen it in the wild, and had no idea how it would get installed on a user’s machine. According to a post on the Trend Micro website on Tuesday, however, it has now been found on a couple machines in the wild.
Jacksbot is a Java application, which allows it to run on any system. Note that this is different from a Java applet embedded on a web site. Java applications are downloaded and opened just like any other application, except that they require a Java Runtime Environment (JRE) to be installed and enabled in order to run. So, from the start, Jacksbot’s effectiveness in Mac OS X will be limited, since recent versions of Mac OS X no longer include a JRE by default and will disable Java systemwide after about a month of disuse.
However, although Jacksbot can be used as a multi-purpose remote access tool, it appears to be specifically designed to look for Minecraft passwords. Since Minecraft requires Java, and frequent players of Minecraft will have Java installed and enabled, they will be vulnerable to this malware. Trend Micro does not know how this malware gets onto people’s systems either, but they theorize that it may be pretending to be a Minecraft mod, to be downloaded and installed by players who want to change the behavior of Minecraft somehow.
It also appears, according to Trend Micro, that the malware authors have primarily focused on Windows. How focused on Windows it is is left a little vague by Trend Micro, and the example they give of functionality that only works on Windows is rather non-threatening. It’s safe to assume some functionality won’t work on a Mac, but how much and what functionality is up in the air to some degree.
Ultimately, this malware is not a serious threat to Mac users at this point. If you happen to play Minecraft, though, you should probably be cautious about what mods you download. Of course, that is simply good general advice anyway, as there have been other malicious Minecraft mods in the past. Minecraft mods appear to be Java code, and as such can probably do anything a Java app could do.