A java downloader going by the extension “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar” has been recently detected. Drawing inferences from its name, researchers suspected it to be associated with COVID-19 themed phishing attacks.
The trojan that is suspected of employing the unconventional platform for bypassing detection has been labeled as ‘QNodeService’. The malware has been designed to perform a number of malicious functions including uploading, downloading, and executing files.
It is also configured to steal credentials stored in web browsers and perform file management etc. Currently, the malware appears to be targeting Windows systems only, however, the code signifies a potential for ‘cross-platform compatibility’, researchers concluded a possibility of the same being a ‘future goal’ for cybercriminals.
Cybercriminals are devising new methods all the time to design malware such as trojans to infect as many machines as possible without getting noticed.
To stay on a safer side, users are recommended to block malware from acquiring access via all the possible doorways like endpoints, networks, and emails.