Developer cleans up Minecraft trojan

Powered by SC Magazine
 

Trend Micro spots RAT in Australia.

The developer behind a new remote access trojan (RAT) has moved to legitimise the app after security researchers claimed it was designed to steal passwords from the popular game Minecraft.

The current iteration of the Java RAT (jRAT) was designed to work on Windows machines but could later be designed to operate on Mac and Linux platforms.

Intego blogger Lisa Myers first reported on jRAT last month, when she found it sniffing out Minecraft credentials.

She pointed out it was capable of performing denial of service attacks, stealing passwords and directing users to websites “likely to perform clickfraud”.

Trend Micro’s anti-virus engines grabbed jRAT from an Australian user, one of two in the world found to have the app.  

Threat response engineer Johanne Demetria said in a post that it was more dangerous than Myers reported.

“We noted some JacksBot (jRAT) infection in the wild, indicating that the people behind this multiplatform malware are saving their best tricks for last,” Demetria wrote.

“When it was first reported, it was considered low risk and no actual infection was recorded.

“However, days after the report was released, Trend Micro successfully cleaned two infection counts; one in Australia and one in Malaysia. This indicates that the malware is now being distributed in the wild.”

The jRAT developer, using the handle Redpois0n, responded by claiming the application was not intended to be malicious.

Redpois0n published two applications — a reverse engineering tool which could extract jRAT servers from the app and a remover which would remove jRAT installations.

Redpois0n also stripped out the denial of service functionality and forced the tool to be visible when installed.

“This was made for controlling your own machines from distance, and I personally use it to transfer files from my laptop to my main computer,” Redpois0n said in a since-deleted post.

“About the ‘denial of service attacks’, those features will be hidden or removed because you have pointed out they can be used for exactly that.

“About visiting remote URLs, is only a simple open website(s) on remote machine feature, nothing related to clickfraud.”

The move to legitimise jRAT follows similar work by coder Jean-Pierre Lesueur, who last month also stripped shady features from the popular DarkComet RAT.

Like jRAT, DarkComet was designed as a tool to help users access their remote machines, but it was also a favourite of criminals and was reportedly used in Syria to spy on activists.

DarkComet was stripped of the ability to configure a stub to target a computer and install silently, and of functions to “hijack the software and to commit illegal actions”, Lesueur wrote.

Copyright © SC Magazine, Australia

