The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities.

Recently, we received an interesting malware binary: a JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection.

This archive does not exploit any Java vulnerability. It was chosen as the infection vector because Java applications run easily on multiple platforms, which extends the infection to a greater number of users. We have seen this type of attack in the past using executable files.