Jimmy Nukebot Description
Jimmy Nukebot is a banking Trojan derived from the source code of the NeutrinoPOS banking Trojan. This particular variant is just one of many that were born from the leak, but unlike NeutrinoPOS, Jimmy Nukebot has lost the functionality to collect credit card information. It can perform a wider range of other threatening functions, such as acting as a downloader for several unsafe payloads. It may also act as a backdoor that allows threat actors to monitor activity on infected machines.
The malware has been seen downloading a wide range of modules, such as Monero cryptocurrency-mining malware, Web injects similar to those of its parent NeutrinoPOS, and other modules that extend what Jimmy Nukebot can do. The malware may also take screenshots on infected devices with the aim of exfiltrating data and downloading more harmful payloads.
The publication of the NeutrinoPOS source code resulted in a new wave of malware and a rise in its use. To evade detection, the new malware derived from it, such as Jimmy Nukebot, had to undergo changes and modifications that restructured it and made analysis more difficult. Since the malware collects information passively, chances are that most anti-malware software will have a harder time detecting it, so users are advised to keep an eye out for suspicious activity and to run regular scans.