Jimmy is a banking trojan that contains code taken from the Neutrino PoS malware and the NukeBot trojan. It receives modules from a remote server and installs them onto the infected device. The modules include web-injects and mining capabilities for the Monero cryptocurrency. The mining module contains an identifier for a cryptocurrency wallet extractor and pool address, which informed the researchers that the mining operation started around early July 2017. The web-inject modules can inject code into web pages, take screenshots, create proxy servers, and perform malicious activity similar to that of the Neutrino PoS malware.

Technical Details

  • Securelist provides technical details on the Jimmy banking trojan here.