JAVA_OZNEB.B


By GoldSparrow in Trojans

JAVA_OZNEB.B is a new variation of an old Java RAT (remote access Trojan) named UNRECOM (Universal Remote Control Multi-Platform), which was known a while ago as Adwind. JAVA_OZNEB.B spreads via spam email messages that purport to be sent by American Express. The fraudulent bank email messages tell recipients that their accounts have been suspended due to suspicious activity. The attachment included with the bogus email message is not a report but a copy of the RAT named JAVA_OZNEB.B. When JAVA_OZNEB.B infects a PC, it takes screenshots, shows notifications and mines for Litecoins. The Litecoin-mining component is a plug-in; the authors of UNRECOM can embed other plug-ins and further improve JAVA_OZNEB.B. Litecoin is a cryptocurrency that is a well-known alternative to Bitcoin. The Litecoin plug-in can permit a remote cybercriminal to use an attacked PC to mine Litecoins. Mining digital currencies needs a lot of computing power, so users of affected PCs may experience sluggish performance.

File System Details

JAVA_OZNEB.B may create the following file(s):
1. %Application Data%\oracle\Desktop.ini
2. %Application Data%\oracle\olo.dll

Registry Details

JAVA_OZNEB.B may create the following registry entry or registry entries:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: oracle = "%Application Data%\oracle\olo.dll"
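
The file and registry indicators above can be matched against collected host data. The following is an added example, not part of the original entry: it assumes "%Application Data%" stands for the per-user %APPDATA% (Roaming) folder, and the function names and sample data are constructed for illustration.

```python
import re

# Indicators exactly as listed in this entry.
IOC_FILES = [r"%Application Data%\oracle\Desktop.ini",
             r"%Application Data%\oracle\olo.dll"]
IOC_RUN_VALUE = ("oracle", r"%Application Data%\oracle\olo.dll")

# Assumption: "%Application Data%" stands for %APPDATA%, i.e.
# C:\Users\<user>\AppData\Roaming on current Windows versions.
_APPDATA = re.compile(
    r"^(?:%application data%|%appdata%|[a-z]:\\users\\[^\\]+\\appdata\\roaming)(?=\\)",
    re.IGNORECASE)

def normalize(path):
    # Strip quotes, unify separators and root the path at "<appdata>" so the
    # placeholder, %APPDATA% and fully expanded forms all compare equal.
    p = path.strip().strip('"').replace("/", "\\")
    return _APPDATA.sub("<appdata>", p).lower()

def match_iocs(run_values, file_paths):
    # run_values: {value_name: value_data} read from the HKCU Run key.
    # file_paths: paths observed on the host (file listing, EDR export).
    # Returns a list of findings; an empty list means no indicator matched.
    findings = []
    want_name, want_data = IOC_RUN_VALUE
    for name, data in run_values.items():
        # Registry value names are case-insensitive.
        if name.lower() == want_name and normalize(data) == normalize(want_data):
            findings.append(("run_key", name, data))
    wanted = {normalize(f) for f in IOC_FILES}
    for path in file_paths:
        if normalize(path) in wanted:
            findings.append(("file", path))
    return findings

# Constructed sample data (not taken from a real host).
SAMPLE_RUN = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "oracle": r"C:\Users\alice\AppData\Roaming\oracle\olo.dll",
}
SAMPLE_FILES = [r"C:\Users\alice\AppData\Roaming\oracle\Desktop.ini",
                r"C:\Users\alice\Desktop\desktop.ini"]

if __name__ == "__main__":
    for finding in match_iocs(SAMPLE_RUN, SAMPLE_FILES):
        print(finding)
```

A match on the Run value alone is worth triage: the entry points a logon autostart at a file with a .dll extension inside a user-writable profile folder.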


JAVA_OZNEB.B may call the following URLs:
