
JS_JITON

Posted: April 12, 2016

Threat Metric

Threat Level: 9/10
Infected PCs: 12
First Seen: April 12, 2016
Last Seen: September 29, 2019
OS(es) Affected: Windows

JS_JITON is a JavaScript-based Trojan that may proliferate through mobile device-based vulnerabilities and subvert the security of any local routers. Because JS_JITON is under regular development and has features removed or added frequently, the full scale of its potential and designed payload is still under investigation. However, router-hijacking attacks can collect passwords and compromise your PC through other attacks with minimal symptoms. As in all scenarios involving high-level threats, use your anti-malware products to identify and remove JS_JITON.

The Malware Hopping from Your Phone to Your Router

Cybercrooks design many types of threatening software for compromising specific platforms or machines, or, at the most, implementing similar attacks on multiple platforms. However, more enterprising and industrious coders, such as the team responsible for the JS_JITON Trojan, can use different devices in entirely different ways for distributing threats and then launching a payload. JS_JITON circulates with the help of vulnerable mobile devices, such as smartphones, but, instead of targeting the mobile devices themselves, it targets home routers. From there, JS_JITON may affect the behavior of nearby desktop and laptop PCs.

Malware researchers can find evidence of JS_JITON's campaign beginning around late 2015, with attacks still continuing at the time of this article. Vulnerable websites, particularly (but not exclusively) ones associated with Russian or Asian Web traffic, are hacked and seeded with exploits for installing JS_JITON. Visitors using JavaScript-enabled and otherwise unprotected mobile devices to visit these sites will download JS_JITON automatically. Like the exploit delivering it, JS_JITON is based on JavaScript.

JS_JITON then may download a secondary component, JS_JITONDNS. This file may hijack nearby routers, specifically ones of the ZTE brand. The internal code also includes references to other router manufacturing companies. The Trojan may gain router access by inputting login combinations from a preset list, a technique known as 'brute forcing.' Once inside, the threat may modify the DNS settings, control how associated systems interact with the Web, and, potentially, hijack any Web browsers.

Snipping a Router Puppeteer's Strings

Even in the few months of its activity, JS_JITON has shown itself to be unusual for more than one reason. Its authors show an active interest in testing JS_JITON's deployment with various attacks, such as keylogging (the recording and transmitting of your keyboard-typed information), and use comment tags to restrict the potential features within JS_JITON's code. Their willingness to add, remove and temporarily disable code between updates makes JS_JITON a Trojan that can be redesigned unpredictably for multiple tasks.

Router-hijacking threats like the JS_JITON Trojans are notable for their ability to intercept your network communications or redirect your browser. These attacks may collect account login credentials, redirect you to misleading websites, or force you to load other threatening content. While you may be able to identify JS_JITON's symptoms by watching your router's settings closely, using an uncommon password and username combination will give your router a strong defense with minimal time investment.
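
One way to watch for the DNS change described above from a Windows PC behind the router, as an added example that is not part of the original article: it parses English-language `ipconfig /all` output and reports any DNS server outside an expected set. The sample output is constructed with documentation-range addresses, and `EXPECTED_RESOLVERS` is an assumed placeholder for your own router and ISP resolvers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Assumption: the resolvers you expect your router to hand out (placeholders).
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.10"}

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")

def _ip(token):
    """Normalize an address token (dropping any %scope suffix) or return None."""
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server addresses]} from ipconfig /all text."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line = adapter header
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        match = DNS_LINE.match(line)
        token = match.group(1) if match else line.strip()
        # Extra resolvers sit on continuation lines that hold only an address.
        in_dns = bool(match) or (in_dns and _ip(token) is not None)
        if in_dns and _ip(token):
            servers.setdefault(adapter, []).append(_ip(token))
    return servers

def unexpected_resolvers(text, expected):
    """List (adapter, address) pairs whose resolver is not in the expected set."""
    allowed = {_ip(e) for e in expected}
    found = dns_servers_by_adapter(text)
    return [(a, ip) for a, ips in found.items() for ip in ips if ip not in allowed]

if __name__ == "__main__":
    for adapter, ip in unexpected_resolvers(SAMPLE_IPCONFIG, EXPECTED_RESOLVERS):
        print(f"Unexpected DNS server {ip} on {adapter}")
```

If the router hands out its own address as the resolver and forwards queries upstream, a changed upstream DNS setting is only visible on the router's administration page, so check there as well.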

Mobile device users also may disable JavaScript, or run it only on trusted websites, to block a JS_JITON attack. Scanning all affected devices with appropriate anti-malware tools can help you detect and delete JS_JITON, in case you enable JavaScript inappropriately. While the campaign focuses on Eastern regions, malware experts also saw JS_JITON infections in meaningful numbers elsewhere, such as in the Americas, making it a worldwide issue.
