Encrypted Java Archive Trojan bankers from Brazil

I have never bought a PlayStation and neither has my colleague Micha-san from Japan - well, in his case, at least not from Brazil. Nonetheless, we both received the same email notification:


In this instance, cybercriminals from Brazil have used a new, yet very strange, technique: spreading Trojan bankers via .jar files. I say strange because even if you just click on a .jar file, it won't run unless you type "java -jar filename.jar" in the console; however, this did not stop the Brazilian cybercriminals, and they even managed to spoof our email traps in Japan!

Let's take a look inside one such Brazilian Java Archive banker. The very first detection on VT: 2014-02-01 13:18:57, 0/50.

After uncompressing and then disassembling, you will see the code encrypted with a substitution cipher. This is how the code looks before it
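The two analysis steps above (unpack the .jar, inspect the strings in the class files, then undo the substitution cipher) can be scripted. The Python below is an added example written for this page, not code from the original post or from the analysed sample: it walks the constant pool of each .class file in an archive to pull out the string constants, and it applies a substitution-cipher table to them. The key (`CIPHER`), the class and package names, and the "login"/"banco" strings are all constructed for the example; the real sample's key is not known from the page. `recover_table` shows the analyst's shortcut when one string is already known in the clear (for instance from a debugger): one known pair yields part of the table, and a contradiction proves the obfuscation is not a plain substitution.

```python
import io
import string
import struct
import zipfile

# Constant-pool tags from the JVM class-file specification (JVMS section 4.4).
CP_UTF8, CP_INTEGER, CP_FLOAT, CP_LONG, CP_DOUBLE = 1, 3, 4, 5, 6
CP_CLASS, CP_STRING, CP_FIELDREF, CP_METHODREF, CP_IMETHODREF = 7, 8, 9, 10, 11
CP_NAMEANDTYPE, CP_METHODHANDLE, CP_METHODTYPE, CP_DYNAMIC = 12, 15, 16, 17
CP_INVOKEDYNAMIC, CP_MODULE, CP_PACKAGE = 18, 19, 20


def class_strings(data):
    """Return every CONSTANT_Utf8 entry of a .class file by walking its constant pool.
    Only the header and the pool are read, so no JDK is needed."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    count = struct.unpack_from(">H", data, 8)[0]        # constant_pool_count
    pos, idx, found = 10, 1, []
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == CP_UTF8:
            length = struct.unpack_from(">H", data, pos)[0]
            pos += 2
            found.append(data[pos:pos + length].decode("utf-8", errors="replace"))
            pos += length
        elif tag in (CP_LONG, CP_DOUBLE):
            pos += 8
            idx += 1                                   # 8-byte constants take two slots
        elif tag in (CP_INTEGER, CP_FLOAT, CP_FIELDREF, CP_METHODREF, CP_IMETHODREF,
                     CP_NAMEANDTYPE, CP_DYNAMIC, CP_INVOKEDYNAMIC):
            pos += 4
        elif tag in (CP_CLASS, CP_STRING, CP_METHODTYPE, CP_MODULE, CP_PACKAGE):
            pos += 2
        elif tag == CP_METHODHANDLE:
            pos += 3
        else:
            raise ValueError("unknown constant-pool tag %d at offset %d" % (tag, pos - 1))
        idx += 1
    return found


def jar_strings(jar_bytes):
    """Uncompress the archive and collect the string constants of every class in it."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                result[name] = class_strings(zf.read(name))
    return result


# Hypothetical substitution key, constructed for this example (not the sample's real key).
PLAIN = string.ascii_lowercase
CIPHER = "qwertyuiopasdfghjklzxcvbnm"        # plaintext 'a' -> 'q', 'b' -> 'w', ...
ENCRYPT = str.maketrans(PLAIN, CIPHER)
DECRYPT = str.maketrans(CIPHER, PLAIN)


def encrypt(s):
    return s.translate(ENCRYPT)


def decrypt(s):
    return s.translate(DECRYPT)


def recover_table(ciphertext, plaintext):
    """Build a partial cipher->plain table from one known pair.
    A contradiction means the scheme is not a simple substitution."""
    table = {}
    for c, p in zip(ciphertext, plaintext):
        if table.get(c, p) != p:
            raise ValueError("inconsistent mapping for %r" % c)
        table[c] = p
    return table


def apply_table(s, table):
    """Decode with a partial table; letters not yet recovered are shown as '?'."""
    return "".join(table.get(ch, "?") if ch.isalpha() else ch for ch in s)


def build_sample_jar():
    """Constructed .jar with one class whose constant pool mixes ordinary JVM names and
    substitution-ciphered strings. Only the constant pool is emitted (all the parser reads)."""
    names = ["java/lang/Object", "<init>", "()V", encrypt("login"), encrypt("banco")]
    pool, n = b"", 1
    for s in names:
        raw = s.encode("utf-8")
        pool += struct.pack(">BH", CP_UTF8, len(raw)) + raw   # CONSTANT_Utf8 at index n
        pool += struct.pack(">BH", CP_STRING, n)              # CONSTANT_String -> index n
        n += 2
    cls = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, n) + pool
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: com.example.Main\n")
        zf.writestr("com/example/Main.class", cls)
    return buf.getvalue()


def analyze(jar_bytes):
    """Map each class to (raw string, decrypted string) pairs using the full key."""
    return {name: [(s, decrypt(s)) for s in strs] for name, strs in jar_strings(jar_bytes).items()}


if __name__ == "__main__":
    for cls, pairs in analyze(build_sample_jar()).items():
        print(cls)
        for raw, plain in pairs:
            print("  %-20s -> %s" % (raw, plain))
```

Running the script prints both columns for the constructed class; legitimate JVM names such as `java/lang/Object` turn to junk under the key while the ciphered strings become readable, which is exactly the contrast an analyst looks for when deciding which constants the malware decodes at run time. Pointing `jar_strings` at a real archive works unchanged, since the parser reads only the class-file header and constant pool.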
