Java/Spy.Minesteal [Threat Name]
Java/Spy.Minesteal.A [Threat Variant Name]
| Detection created | Mar 02, 2013 |
| Signature database version | 8069 |
| Signature Windows Mobile db version | 3.725 |
| Signature Symbian db version | 3.736 |
Java/Spy.Minesteal.A is a trojan that steals sensitive information. The trojan collects various information related to online computer games. The trojan attempts to send gathered information to a remote machine.
When executed, the trojan displays the following dialog box:
The trojan contains a list of 2 URLs.
It tries to download several files from these addresses using the HTTP protocol.
The downloaded files are stored in the following locations:
- %userprofile%\Application Data\SysJar (Microsoft Windows)
- $HOME/Library/LaunchAgents/SysJar (Mac OS X)
The trojan may create the following files:
- $HOME/Library/LaunchAgents/SysJar.plist (Mac OS X)
- $HOME/Library/LaunchAgents/%pluginname%.plist (Mac OS X)
The trojan may set the following Registry entries:
- "%pluginname%" = "%malwarefilepath%"
- "SysJar" = "%malwarefilepath%"
This way the trojan ensures that the file is executed on every system start.
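A defender's check for the file-system artifacts listed above, added here as an example and not part of the original description. The function names are hypothetical; the Registry entries are not checked because the description does not name the key, and matching a `%pluginname%.plist` by a SysJar reference in its launch arguments is an assumption.

```python
import plistlib
from pathlib import Path

# Artifact locations taken from the description above, relative to the
# user's profile / home directory.
FIXED_ARTIFACTS = [
    Path("Application Data") / "SysJar",                # Microsoft Windows
    Path("Library") / "LaunchAgents" / "SysJar",        # Mac OS X
    Path("Library") / "LaunchAgents" / "SysJar.plist",  # Mac OS X
]
MARKER = "sysjar"


def plist_mentions_marker(plist_path):
    """Return True if a LaunchAgent's Program/ProgramArguments mention SysJar."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:
        return False  # unreadable or malformed plist: nothing to inspect
    if not isinstance(data, dict):
        return False
    args = data.get("ProgramArguments") or []
    if not isinstance(args, list):
        args = [args]
    values = [*args, data.get("Program", "")]
    return any(MARKER in str(v).lower() for v in values)


def find_artifacts(home):
    """Return sorted paths under `home` that match the described artifacts."""
    home = Path(home)
    hits = {home / rel for rel in FIXED_ARTIFACTS if (home / rel).exists()}
    agents = home / "Library" / "LaunchAgents"
    if agents.is_dir():
        # Assumption: a %pluginname%.plist launches a file stored in the
        # SysJar directory, so its launch arguments contain that name.
        for plist in agents.glob("*.plist"):
            if plist_mentions_marker(plist):
                hits.add(plist)
    return sorted(str(p) for p in hits)


if __name__ == "__main__":
    for hit in find_artifacts(Path.home()):
        print("possible Java/Spy.Minesteal.A artifact:", hit)
```

A hit is a lead for further inspection rather than proof of infection, since the check matches on names only.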
The %pluginname% is one of the following strings:
Java/Spy.Minesteal.A is a trojan that steals account names and passwords for the following online games:
The trojan attempts to send gathered information to a remote machine.
The trojan sends the information via e-mail.
The trojan acquires data and commands from a remote computer or the Internet.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- send gathered information