Verblecon malware loader used in stealthy crypto mining attacks


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
Security researchers are warning of a relatively new malware loader, that they track as Verblecon, which is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Verblecon was spotted earlier this year and the known samples enjoy a low detection rate due to the polymorphic nature of the code.

Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January this year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.

Some clues also point to the attacker being interested in stealing access tokens for the Discord chat app, the researchers say, adding that these goals are in contrast with Verblecon’s realistic potential for far more damaging attacks. The malware is Java-based and its polymorphic nature is what allows it to slip into compromised systems, in many cases undetected.

“The fact that the file is polymorphic means that, due to encryption and obfuscation, the code of the malware payload looks different each time it is downloaded. Attackers generally pack malware in this way in an effort to evade detection by security software” - Symantec, a division of Broadcom Software


About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.