This malware seems to be used in attacks that install cryptocurrency miners on infected machines. Other indicators lead to the assumption that attackers may also use this malware for other purposes (e.g. stealing access tokens for the Discord chat app). Symantec describes this malware as complex and powerful: the malware is loaded as a server-side polymorphic JAR file.
2022-03-29 ⋅ Symantec ⋅ Verblecon: Sophisticated New Loader Used in Low-level Attacks
There is no Yara-Signature yet.