SYMBOLCOMMON_NAMEaka. SYNONYMS
jar.verblecon (Back to overview)

Verblecon


This malware seems to be used for attacks installing cryptocurrency miners on infected machines. Other indicators leads to the assumption that attackers may also use this malware for other purposes (e.g. stealing access tokens for Discord chat app). Symantec describes this malware as complex and powerful: The malware is loaded as a server-side polymorphic JAR file.

References
2022-03-29SymantecThreat Hunter Team
Verblecon: Sophisticated New Loader Used in Low-level Attacks
Verblecon

There is no Yara-Signature yet.