Jacksbot virus: How to detect and delete it on your Mac

Watch out for a Jacksbot virus

Also known as jRAT, Jacksbot is a remote access trojan (RAT) virus capable of taking over a Mac and recording everything from passwords you type to screenshots. It is a cross-platform virus but only capable of running on anything that operates Java.

Jacksbot is written in Java, which means newer Macs should be safe. Unless you’ve got Java enabled or are using an older macOS version that still supports Java (it is usually seen as a preference pane in System Preferences). It is still loose in the wild, and one of the ways it is getting into Macs is through the following email attachment: Doc-172394856.jar. Unlike other viruses, the .jar instead of .pdf or JPEG is a sign that it isn’t a legitimate program.

Gatekeeper in most macOS versions will prevent anything from opening that isn’t code designed and comes from a verified developer, so unless you’ve got Java-enabled, you should be safe. However, this malware is worth watching out for, and if you’ve not scanned your Mac for viruses in a while, it is a RAT that should be removed.

Why is Jacksbot dangerous?

jRAT is part of a family of viruses that create a backdoor into computers; then, they take control of the operating system. One of the ways it has been spotted is in the disguise of a Minecraft update. A game still popular with millions, which is why the virus spread through file sharing and torrent sites and continues to do so in new formats.

Once an operating system is compromised, the jRAT malware can take control of any of the following:

• Web browsers
• Microphones
• Chat systems
• Restart
• Shutdown
• Cameras

When security analysts have looked deeper into the Jacksbot malware code, it is seemingly capable of visiting websites, redirecting traffic, creating and/or stealing files and folders, and running shell commands. It can capture screenshots and even take over a Mac to take part in a DDoS attack.

Cybersecurity experts have found that this malware sends communications to this server: jmcoru(dot)alcatelupd(dot)xyz.

When a program such as this runs in the background, you may notice a higher-than-average CPU or GPU. Depending on the level of sophistication - and this RAT is fairly sophisticated - they can even operate and steal files when your Mac isn’t running. Another reason to scan and remove it as soon as you can.

How to remove Jacksbot manually

Unlike some remote access trojan malware viruses, finding where this one is hiding is somewhat easier. Cybersecurity experts have found that the file name is org.yrGfjOQJztZ.plist. It is usually downloaded into a Mac LaunchAgents folder, and the Java application it creates is known as BgHSYtccjkN.ELbrtQ can be found in a hidden folder with Libraries (one of the Mac hidden folders).

Of course, similar to other malware viruses, there could be elements of the program lurking around the operating system. If you are attempting to remove it manually, a thorough search is needed.

Can Jacksbot be removed safely?

Yes, it can, with the help of an app like CleanMyMac X.

CleanMyMac X is a powerful Mac guardian. It keeps your Mac safe from remote access trojans, malware, ransomware, and adware. CleanMyMac X performs many other roles: it is a performance improvement tool, uncovering and clearing loads of junk from your Mac, making sure it operates as good as new. 

When it comes to unwanted adware, here is how you use it to restore your Mac to order:

1. Download CleanMyMac X for free.
2. Click on the Malware Removal tab.
3. Click scan to scan the system for Jacksbot and anything else hiding in your Mac.
4. CleanMyMac X will highlight the viruses.
5. Click Remove, and Jacksbot and anything else will be safely removed.

Although far from harmless, Jacksbot or jRAT is not a risk to most Macs unless you’ve got Java enabled. Thankfully, it can be uncovered and removed fairly easily. Either this can be done manually or quickly and safely using CleanMyMac X.