Code refactoring is a common technique that software developers use to modify the internal structure of a program without changing its observable behavior. Malware developers employ the same technique to improve their projects in various ways, and this is where JSSLoader comes in: a threat that was intercepted and blocked on the network in December 2020.
The criminals behind JSSLoader chose to rewrite it in another programming language. While the original JSSLoader Trojan was written in .NET, the variant released in June 2021 is written in C++. The rewrite changes the structure of the compiled binary, so signatures and heuristics tuned to the .NET build no longer match and existing detections are effectively switched off. This was most likely the main goal of the JSSLoader developers: to evade antivirus and firewall products with the release of the new variant.
This is why good reputation-based protection matters: reputation services are updated to cover new threats as quickly as possible, independently of how a sample was compiled. Cybersecurity experts report that the new JSSLoader variant brings no improvement in functionality. However, the malware is being distributed through new spam campaigns and additional tricks.
One of the ways you can be compromised by this threat is phishing, which was also the delivery method of the original JSSLoader. Clicking the phishing link takes you to a private SharePoint directory that stores a file containing a VBScript. This is why you should not trust everything that is sent to you by e-mail: a message may well be genuine, but it may equally be a trick by a third party. Like other Trojan loaders, this one does not do much on its own. It is meant to be combined with an additional malware family; the goal of JSSLoader is to ensure that follow-on payloads load smoothly without raising red flags. The malware families delivered by the C++ variant of the JSSLoader Trojan may vary, but they appear very similar to the arsenal of the FIN7 hacking group.
See also:
NativeZone – Solarwinds Authors Return
Netwalker Ransomware that uses the fear on Covid