Jamm.to is a virus, downvote any spam bots you see posting it.

@death-and-taxes

This is from a reply I made to someone; I figured this is important public knowledge, so I'm making it into its own post.


It's a scam: it has a Remote Access Tool embedded in it with a keylogger, a screenshot tool, and possibly more functions. It likely steals wallets and then waits for you to enter the decryption password to steal your coins; either that or it's a botnet.

It uses an interesting method of obfuscating the IP addresses it connects to: they're hidden behind pastebin links.

Like so, with the contents next to each link in case they're pulled down or changed later:

- https://pastebin.com/raw/DF8Gikrk 193.38.55.4
- https://pastebin.com/raw/UbTZx6kd 213.226.100.140
- https://pastebin.com/raw/bfQiiqyv 193.38.55.4
- https://pastebin.com/raw/r12wBrC7 213.226.100.140

The person behind this has done it before. Previously it was called eTrader, but they did a terrible job of hiding the malware and it set off antiviruses.

Whoever made this did not hide it well: they went just far enough to make antiviruses not detect it, but it's extremely obvious within less than two minutes of basic manual analysis.

Note: This analysis is of the Mac/Linux download; the Windows download may be far worse.


Stay safe out there and do your best to avoid malware like this.
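
For defenders hunting the pastebin indirection described above, here is an added example (not part of the original post or the author's analysis) that flags a host when it fetches a raw paste whose body is nothing but an IP address and then connects to that IP shortly afterwards. The event format, host names, paste IDs and addresses are constructed, and it assumes your proxy logs response bodies (for example through TLS inspection).

```python
import ipaddress
import re

# Assumption: raw pastes are fetched from pastebin.com/raw/<id>, as in the post.
PASTE_RAW = re.compile(r"^https?://pastebin\.com/raw/[A-Za-z0-9]+$")

def bare_ip(body):
    """Return the address if the body is nothing but one IP, else None."""
    try:
        return str(ipaddress.ip_address(body.strip()))
    except ValueError:
        return None

def find_dead_drops(events, window=300):
    """Pair paste fetches that returned a bare IP with a later connection
    from the same host to that IP within `window` seconds."""
    pending, hits = {}, []          # pending: (host, ip) -> (ts, url)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "http" and PASTE_RAW.match(ev["url"]):
            ip = bare_ip(ev.get("body", ""))
            if ip:
                pending[(ev["host"], ip)] = (ev["ts"], ev["url"])
        elif ev["type"] == "conn":
            seen = pending.get((ev["host"], ev["dst_ip"]))
            if seen and ev["ts"] - seen[0] <= window:
                hits.append({"host": ev["host"], "url": seen[1],
                             "ip": ev["dst_ip"], "delay": ev["ts"] - seen[0]})
    return hits

# Constructed sample events (hosts, paste IDs and TEST-NET addresses are made up).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws-12", "type": "http",
     "url": "https://pastebin.com/raw/AAAA1111", "body": "203.0.113.7\n"},
    {"ts": 101, "host": "ws-12", "type": "http",
     "url": "https://pastebin.com/raw/BBBB2222", "body": "198.51.100.9"},
    {"ts": 104, "host": "ws-12", "type": "conn", "dst_ip": "203.0.113.7"},
    # A developer pulling a script from a paste: body is not a bare IP.
    {"ts": 200, "host": "ws-30", "type": "http",
     "url": "https://pastebin.com/raw/CCCC3333", "body": "#!/bin/sh\necho hi\n"},
    {"ts": 205, "host": "ws-30", "type": "conn", "dst_ip": "203.0.113.7"},
    # Same host as the second fetch, but far outside the default window.
    {"ts": 1000, "host": "ws-12", "type": "conn", "dst_ip": "198.51.100.9"},
]

if __name__ == "__main__":
    for hit in find_dead_drops(SAMPLE_EVENTS):
        print(hit)
```

Requiring the fetch-then-connect pair keeps ordinary paste use (scripts, config snippets) from alerting, since those bodies are not a bare address.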