News & Analysis

Jimmy Nukebot Malware Trojan

By ISBuzz Team, August 31, 2017 (updated July 4, 2024). 5 min read

The latest Neutrino modification delivered a new malicious program, classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy, an evolution of the “Jimmy Nukebot” trojan.

Experts from Cyphort and FireMon have commented on the malware, including technical aspects and advice for IT organizations.

Dr. Mounir Hahad, Senior Director of the Cyphort Labs:

“Using checksums for API obfuscation is not by itself something new. It is frequently used by malware to make it harder for static analysis engines (like the vast majority of desktop Anti-Virus products) to determine what the application is up to. This modification to NeutrinoPOS makes it more difficult for AV engines that develop heuristics to catch this variant and newer ones. Behavioral analysis on the other hand couldn’t care less – at some point or another the malware will need Operating System support and all that activity can be easily monitored. And when combined with machine learning, it gives the behavioral analysis solution the best shot at detecting this kind of malicious activity.

As always, organizations who may face this kind of malware should ensure they have both signature-based and signature-less solutions in their environment. A combination of endpoint AV and a network behavioral analysis solution will provide so much more coverage than an endpoint solution alone. Organizations should also make sure they invest in detection as much as prevention – if a virus is already implanted, you need to have a solution to detect the network callbacks, whether it’s an IDS type of solution or anomaly-based.

If it goes undetected, this new variant of NeutrinoPOS will be able to act as a backdoor into the organization, allowing monitoring of user actions and exfiltration of any data the bad actors can lay their hands on. Given that it can install newly downloaded modules at will, the sky is the limit as to what it can be commandeered to do.”
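As an added illustration of the point about checksum-based API obfuscation (example code, not from the original article, Cyphort or Kaspersky), the Python below contrasts a plain string scan with a checksum lookup table of the kind an analyst precomputes from known DLL exports. The ROR-13 routine, the export list and the two sample byte blobs are constructed for the example; they are not Jimmy’s actual algorithm or bytes.

```python
from typing import Dict, List


def ror13_hash(name: str) -> int:
    """Rotate-right-13-and-add checksum over an ASCII export name.
    Assumption: a common shape of API checksum, not Jimmy's own routine."""
    h = 0
    for byte in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF  # 32-bit rotate right by 13
        h = (h + byte) & 0xFFFFFFFF
    return h


# Constructed: export names an analyst would harvest from the DLLs a sample uses.
KNOWN_EXPORTS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateFileA",
    "WriteFile", "InternetOpenA", "HttpSendRequestA", "WinExec",
]

# Constructed samples: the first embeds the API name as a literal string, the
# second embeds only its 4-byte checksum (little-endian), as an obfuscated build would.
PLAIN_SAMPLE = b"\x90\x90" + b"InternetOpenA\x00" + b"\x90"
OBFUSCATED_SAMPLE = b"\x90\x90" + ror13_hash("InternetOpenA").to_bytes(4, "little") + b"\x90"


def build_lookup(names: List[str]) -> Dict[int, str]:
    """Precompute checksum -> name so checksums found in a sample can be resolved."""
    return {ror13_hash(n): n for n in names}


def string_scan(blob: bytes, names: List[str]) -> List[str]:
    """What a static string/signature engine sees: literal API names only."""
    return [n for n in names if n.encode("ascii") in blob]


def checksum_scan(blob: bytes, table: Dict[int, str]) -> List[str]:
    """Slide a 4-byte window over the blob and resolve any known checksum."""
    hits = []
    for i in range(len(blob) - 3):
        value = int.from_bytes(blob[i:i + 4], "little")
        if value in table:
            hits.append(table[value])
    return hits


if __name__ == "__main__":
    table = build_lookup(KNOWN_EXPORTS)
    print("string scan, plain:      ", string_scan(PLAIN_SAMPLE, KNOWN_EXPORTS))
    print("string scan, obfuscated: ", string_scan(OBFUSCATED_SAMPLE, KNOWN_EXPORTS))
    print("checksum scan, obfuscated:", checksum_scan(OBFUSCATED_SAMPLE, table))
```

The string scan finds nothing in the obfuscated blob, which is exactly why a static signature built on API names misses such a variant, while the precomputed table still recovers the name; behavioral monitoring needs neither, since the resolved API is eventually called.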

Josh Mayfield, Platform Specialist at FireMon:

“The changes to the Jimmy trojan are significant and should not be ignored or brushed aside as ‘business as usual’. For starters, the modification affords the Trojan an opportunity to learn instead of instantly executing malicious behavior (e.g. data theft). This is the quintessential algorithmic process pairing of EXPLORE and EXPLOIT.

Computational models have this pair running simultaneously to maximize effects and outcomes. We humans have this function in our neural system as well. Every time you’re deciding what to have for dinner, you are computing – exploring options, exploiting the knowledge to maximize the outcome.

Jimmy is doing the same thing, “…limited solely to receiving modules from a remote node” in order to, “flexibly adapt to the goals and tasks set before a botnet to take advantage of a new source”. This function allows Jimmy to gather information, be self-referential, and run through what it has explored for later use and exploitation.

Jimmy’s ongoing evolution is essential to maximizing the effects of later goals – a mirror image of how organisms evolve, adapting to the environment and modifying the base code (like DNA) to achieve a more survivable advantage.

This method is what should have organizations cognizant of Jimmy’s changes. Historically, the attacker community would take advantage of widely applicable weaknesses and immediately go to exploitation. But Jimmy takes note of the information it receives from a given specified target and tailors its payload to that specific environment.

Furthermore, since the bot is not deployed instantaneously, but remains in receiving mode, an organization’s own defenses can be turned against them. These defenses can be covertly assessed by Jimmy, thereby raising the probability of success – like knowing your opponent’s playbook before the game.

Ultimately, Jimmy is a code sequence. Organizations can take advantage of threat intelligence to gain insight into what’s possible in their environments. Then, security teams can survey the environment to cross-reference where Jimmy could be hiding – threat hunting.

Secondly, organizations can ‘Red Team’ these situations by taking advantage of Jimmy for themselves. By using Jimmy in their environments, they can proactively think like the enemy and discover their own weaknesses; provided they have the intellectual courage to take a hard look at their own shortcomings.

Lastly, organizations can adopt the assumption of compromise. It is within this mindset that we can explore the potential problems we have not modeled. Jimmy conforms to models; it responds to the situation based on all the data it receives from passive reconnaissance. This means Jimmy will not trigger alerts. An organization could be compromised, but without alerts, they may lull themselves into a false assurance because, “the models are not saying there is any problem”.

Jimmy will not be polite. Jimmy will not tell you when it is in your environment with alerts that align with neatly defined models for Indications of Compromise (IOC) or Indications of Attack (IOA). Don’t bother waiting for an alert. You have to hunt for Jimmy; it’s the only way to find it.

End user education is critical in the evolving landscape of trojans like Jimmy. The average person is not going to be as well-informed about the threats or problems they face. It is important to make users aware that these things exist, they can cause damage, and simple measures can be taken. End users do not readily see the need for things like two-factor authentication, regular password resets, password complexity standards, and so on. Awareness of just how dangerous the world can be can help them to take their medicine.”


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
