Java/Spy.Minesteal [Threat Name]

Java/Spy.Minesteal.A [Threat Variant Name]

Category trojan
Size 113879 B
Detection created Mar 02, 2013
Signature database version 8069
Signature Windows Mobile db version 3.725
Signature Symbian db version 3.736
Aliases TrojanSpy:Java/Minesteal.A (Microsoft)
  Java.Minesteal (Symantec)
  Java:Malware-gen (Avast)
Short description

Java/Spy.Minesteal.A is a trojan that steals sensitive information. The trojan collects various information related to online computer games. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan displays the following dialog box:

The trojan contains a list of (2) URLs.


It tries to download several files from the addresses. The HTTP protocol is used.


These are stored in the following locations:

  • %userprofile%\Application Data\SysJar (Microsoft Windows)
  • $HOME/Library/LaunchAgents/SysJar (Mac OS X)

The trojan may create the following files:

  • $HOME/Library/LaunchAgents/SysJar.plist (Mac OS X)
  • $HOME/Library/LaunchAgents/%pluginname%.plist (Mac OS X)

The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "%pluginname%" = "%malwarefilepath%"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "SysJar" = "%malwarefilepath%"

This way the trojan ensures that the file is executed on every system start.


The %pluginname% is one of the following strings:

  • minesender
  • SecCorrect
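
A defensive check for the persistence artifacts listed above, as an added example that is not part of the original description: it scans `reg query` output for the HKCU Run key and a list of file paths for the names given on this page. The sample registry text, user name and paths are constructed, and the function names are hypothetical.

```python
import re

# From the description above: "SysJar" plus the two %pluginname% strings.
NAMES = {"sysjar", "minesender", "seccorrect"}

# One value line of `reg query` output: indented name, type, data.
RUN_VALUE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def suspicious_run_values(reg_query_output):
    """Return (name, data) for Run values whose name is one of NAMES."""
    hits = []
    for line in reg_query_output.splitlines():
        m = RUN_VALUE.match(line)
        if m and m.group(1).lower() in NAMES:
            hits.append((m.group(1), m.group(3).strip()))
    return hits

def suspicious_paths(paths):
    """Return paths matching the drop directory or the LaunchAgents plists."""
    hits = []
    for p in paths:
        parts = p.replace("\\", "/").rstrip("/").split("/")
        if len(parts) < 2:
            continue
        parent, leaf = parts[-2].lower(), parts[-1].lower()
        stem = leaf[:-6] if leaf.endswith(".plist") else None
        if leaf == "sysjar" and parent in ("application data", "launchagents"):
            hits.append(p)  # download directory on Windows / Mac OS X
        elif parent == "launchagents" and stem in NAMES:
            hits.append(p)  # SysJar.plist or %pluginname%.plist
    return hits

# Constructed sample input (not taken from a real host).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Program Files\Example\updater.exe
    SysJar    REG_SZ    C:\Users\alice\Application Data\SysJar\sample.jar
    minesender    REG_SZ    C:\Users\alice\Application Data\SysJar\sample.jar
"""
SAMPLE_PATHS = [
    "/Users/alice/Library/LaunchAgents/com.example.helper.plist",
    "/Users/alice/Library/LaunchAgents/SysJar.plist",
    "/Users/alice/Library/LaunchAgents/SecCorrect.plist",
    "/Users/alice/Library/LaunchAgents/SysJar",
    r"C:\Users\alice\Application Data\SysJar",
]

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_REG), suspicious_paths(SAMPLE_PATHS))
```

A match on name alone is a lead for investigation, not a verdict; confirm by inspecting the file the entry points to.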

Information stealing

Java/Spy.Minesteal.A is a trojan that steals account names and passwords for the following online games:

  • Minecraft

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • send gathered information
