🚨 A new variant of the downloader JSSLoader was spotted 🚨

🚨 A new variant of the downloader JSSLoader was spotted 🚨
Userlevel 5
Badge +3
  • Community Manager
  • 25 replies

 

Proofpoint researchers observed a new variant of the downloader JSSLoader in several campaigns impacting a variety of organizations. This version of the malware loader was rewritten from .NET to the C++ programming language. This change, while not unheard of, is not a common occurrence and could be an effort by the threat actors utilizing JSSLoader to evade current detections. JSSLoader is often dropped in the first or second stage of a campaign and has the functionality to profile infected machines and load additional payloads.

 

 


0 replies

Be the first to reply!

Reply