How to detect and delete the Jacksbot malware?
Watch out for a Jacksbot virus
Also known as jRAT, Jacksbot is a remote access trojan (RAT) capable of taking over a Mac and recording everything from the passwords you type to screenshots. It is a cross-platform virus, but it can only run on systems that run Java.
Jacksbot is written in Java, which means newer Macs should be safe unless you’ve got Java enabled or are using an older OS X that still supports Java. It is still loose in the wild, and one of the ways it is getting into Macs is through the following email attachment: Doc-172394856.jar. Unlike with other viruses, the .jar extension, instead of .pdf or JPEG, is a sign that it isn’t a legitimate program.
Gatekeeper on most versions of macOS will prevent anything from opening that isn’t code-signed and from a verified developer, so unless you’ve got Java enabled you should be safe. However, this malware is worth watching out for, and if you haven't scanned your Mac for viruses in a while, it is a RAT that should be removed.
Why is Jacksbot dangerous?
jRAT is part of a family of viruses that create a backdoor into computers and then take control of the operating system. One of the ways it has been spotted is disguised as a Minecraft update. The game is still popular with millions, which is why the virus spread through file sharing and torrent sites, and continues to do so in new formats.
Once an operating system is compromised, the jRAT malware can take control of any of the following:
- Web browsers
- Chat systems
Security analysts who have looked deeper into the Jacksbot malware code have found that it is seemingly capable of visiting websites and redirecting traffic, creating and/or stealing files and folders, and running shell commands. It can capture screenshots and even take over a Mac to take part in a DDoS attack.
Cyber security experts have found that this malware sends communications to this server: jmcoru(dot)alcatelupd(dot)xyz.
When a program such as this is running in the background, you may notice higher than average CPU or GPU usage. Depending on the level of sophistication (and this RAT is fairly sophisticated), such programs can even operate and steal files when your Mac isn’t running. That is another reason to scan and remove it as soon as you can.
How to remove Jacksbot manually
Unlike some remote access trojans, finding where this one is hiding is somewhat easier. Cyber security experts have found that the file name is org.yrGfjOQJztZ.plist. It is usually downloaded into a Mac LaunchAgents folder, and the Java application it creates is known as BgHSYtccjkN.ELbrtQ, which can be found in a hidden folder within Library (one of the Mac hidden folders).
Of course, similar to other malware viruses, there could be elements of the program lurking around the operating system, so if you are attempting to remove it manually, a thorough search is needed.
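One way to run the search described above, as an added example that is not part of the original article: it reads every LaunchAgents plist and reports the two file names given here. The checks for agents that launch Java or point into a hidden folder are an added heuristic for samples with different names, and the plists and paths in `demo()` are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Names reported in this article; other samples may use different random names.
KNOWN_NAMES = ("org.yrGfjOQJztZ", "BgHSYtccjkN.ELbrtQ")

def inspect_agent(plist_path):
    """Return the reasons (possibly none) why a LaunchAgent plist looks suspicious."""
    try:
        with open(plist_path, "rb") as fh:
            agent = plistlib.load(fh)  # handles both XML and binary plists
        args = agent.get("ProgramArguments") or [agent.get("Program", "")]
    except Exception:
        return ["unreadable plist"]
    args = [str(a) for a in args if a]
    haystack = " ".join([Path(plist_path).name, str(agent.get("Label", ""))] + args)
    reasons = [f"known name {name}" for name in KNOWN_NAMES if name in haystack]
    # Heuristic (assumption): a per-user agent that starts java or a .jar is unusual.
    if any(Path(a).name == "java" or a.lower().endswith(".jar") for a in args):
        reasons.append("launches Java")
    # Heuristic (assumption): the payload is said to sit in a hidden (dot) folder.
    if any(p.startswith(".") and p != ".." for a in args for p in Path(a).parts):
        reasons.append("references a hidden folder")
    return reasons

def scan_launch_agents(directories):
    """Map each suspicious plist path to the list of reasons it was flagged."""
    findings = {}
    for directory in directories:
        for plist_path in sorted(Path(directory).expanduser().glob("*.plist")):
            reasons = inspect_agent(plist_path)
            if reasons:
                findings[str(plist_path)] = reasons
    return findings

def demo():
    """Constructed sample: one agent shaped like the description, one benign agent."""
    bad = {"Label": "org.yrGfjOQJztZ", "RunAtLoad": True,
           "ProgramArguments": ["/usr/bin/java", "-jar",
                                "/Users/sample/Library/.hidden/BgHSYtccjkN.ELbrtQ"]}
    good = {"Label": "com.example.updater", "ProgramArguments": ["/usr/local/bin/updater"]}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("org.yrGfjOQJztZ.plist", bad), ("com.example.plist", good)):
            (Path(tmp) / name).write_bytes(plistlib.dumps(body))
        return {Path(k).name: v for k, v in scan_launch_agents([tmp]).items()}

if __name__ == "__main__":
    dirs = ["~/Library/LaunchAgents", "/Library/LaunchAgents"]
    for path, reasons in scan_launch_agents(dirs).items():
        print(path, "->", ", ".join(reasons))
```

A flagged entry is a lead to inspect, not proof of infection: legitimate software can also install LaunchAgents that start Java.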
Can Jacksbot be removed safely?
Yes, it can, with the help of an app like CleanMyMac X.
CleanMyMac X is a powerful Mac guardian. It keeps your Mac safe from remote access trojans, malware, ransomware, and adware. CleanMyMac X performs many other roles: it is a performance improvement tool, uncovering and clearing loads of junk from your Mac, making sure it operates as good as new.
When it comes to unwanted adware, here is how you use it to restore your Mac to order:
- Download CleanMyMac X;
- Click on the Malware Removal tab;
- Click scan to scan the system for Jacksbot and anything else hiding in your Mac;
- CleanMyMac X will highlight the viruses;
- Click Remove and Jacksbot and anything else will be safely removed.
Although far from harmless, Jacksbot or jRAT is not a risk to most Macs, unless you’ve got Java enabled. Thankfully, it can be uncovered and removed fairly easily. This can be done either manually or quickly and safely using CleanMyMac X.