Proofpoint researchers observed a new variant of the downloader JSSLoader in several campaigns impacting a variety of organizations. This version of the malware loader was rewritten from .NET to the C++ programming language. This change, while not unheard of, is not a common occurrence and could be an effort by the threat actors utilizing JSSLoader to evade current detections. JSSLoader is often dropped in the first or second stage of a campaign and has the functionality to profile infected machines and load additional payloads.