Summary: A malware campaign is delivering the XLoader malware through DLL side-loading, abusing the legitimate jarsigner application from the Eclipse Foundation. In the attack sequence, a renamed executable is run, which leads to execution of the XLoader payload, which is capable of stealing sensitive information. Notably, XLoader has evolved with new obfuscation methods and is available as Malware-as-a-Service (MaaS).
Affected: Eclipse Foundation, users of the JAR signing tool “jarsigner”
Key points:
- XLoader propagates through a ZIP archive containing a modified executable and tampered DLLs.
- The malware gathers sensitive information from users and can download additional malicious software.
- New obfuscation techniques have been introduced to evade detection and complicate reverse engineering.
Source: https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html