
Jimmy Nukebot

Posted: April 22, 2019

The Jimmy Nukebot is a backdoor Trojan and Trojan downloader that can perform a variety of attacks indirectly, according to the modules that a remote attacker selects. Examples of possible dangers from infections include the loss of screen-capturable data and the injection of corrupted content, such as phishing lures, into your Web browser. Users should keep anti-malware services available for removing the Jimmy Nukebot and its components efficiently.

The Banking Trojan that Ditched the 'Banking' Part

Banking Trojans are sources of concern for anyone who conducts financial transactions over the Internet, but a Trojan consists of more than just the usually small amount of code that dedicates itself to the user-oriented attack. The Jimmy Nukebot exemplifies just how far a Trojan can go, as a mutated version of a banking Trojan that no longer resembles a banking Trojan at all. Threat actors modifying NeutrinoPOS have offloaded all of its spyware features to separate modules, and its body consists of little more than a loader for the other elements.

The Jimmy Nukebot's modules offer flexible configuration options, with threat actors choosing different payloads for each infection depending on the environment they're compromising. The Trojan has almost no features by itself, other than providing system information to the threat actor's C&C, receiving further instructions, and downloading the additional threats. While malware experts warn that this list is incomplete, some examples of attacks by the Jimmy Nukebot's modules include:

  • Generating Monero cryptocurrency by 'mining' the computer (using its hardware resources, such as CPU and GPU, for running a repetitive mining program automatically).
  • Injecting corrupted Web content into the browser, such as phishing websites that collect your account credentials.
  • Taking screenshots.

Nuking Transformative Trojans Safely

Some of the Jimmy Nukebot's previously seen modules include risks of permanent hardware damage or performance errors, as well as the recurring danger of information theft. Since its symptoms can vary widely, malware researchers recommend against scouting for the Jimmy Nukebot infections manually. Users should follow traditional precautions for securing their PC from its installation exploits and run anti-malware services for disinfection as appropriate.

Users can protect themselves from the Jimmy Nukebot infections through multiple strategies that apply equally to other categories of threats, such as file-locker Trojans, adware and spyware. Enable features like advertisements and JavaScript only on domains that you trust, avoid illicit downloading resources like cracked game torrents, and use strong passwords, particularly for any local networks or servers that you administer. Most anti-malware solutions should remove the Jimmy Nukebot at acceptable rates before it can begin downloading its other components and start attacking.

The Jimmy Nukebot is an oddly casual name for a Trojan that's both old and substantially changed beneath the hood. Programmers who are working with a robust base of code can do a lot; unfortunately, that includes Black Hat programmers, too.
