More Java based malware discovered


Java has had its days. The awesome and powerful programming language was once used so widely that it was almost everywhere, and it still is. I still deal with JDKs, servlets, JSPs, and other Java-related stuff every day at work, because it is just so powerful. But lately it has become so insecure that it keeps letting attacks in. The Java web browser plug-in in particular is very vulnerable to attacks, and this makes the whole computer running it very vulnerable.

Oracle patched the zero-day vulnerability just a few days back, but two more new vulnerabilities have been discovered that could be harmful for users. CNET writes, “One, as noted by Kaspersky, is a recent exploit of the latest runtime’s attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run. Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into dll files in Windows systems.”

The other vulnerability was discovered by Intego, and it is not an issue with the Java web browser plug-in. It is a Java application that asks you to install it and then infects your computer. The software is called the Minecraft Hack Kit, and it comes with a password-stealing Trojan. If you are a Minecraft player, you might want to get an upper hand over your opponents and try this new hack, so you download and install it. But during installation, the software installs three applets along with a launch agent script that keeps the software running in the background all the time.

This script then collects the user’s Minecraft credentials, such as username and password, and emails them to various Hotmail accounts. Even though this is a low security risk and of concern only to Minecraft players, we need to be careful about it.
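For anyone checking a Mac after installing something like this, the launch agent is the persistence point to look at. The following is an added example, not code from the original article, CNET or Intego: it parses per-user launchd agent plists and flags jobs that both persist and start Java. That the agent launches Java, the hint list, and the sample plist are assumptions constructed for illustration.

```python
import plistlib
from pathlib import Path

# Assumed hints: strings in the job's command line that indicate a Java payload.
JAVA_HINTS = ("java", ".jar", ".class")

def audit_launch_agent(raw: bytes) -> list[str]:
    """Return the reasons a launchd agent plist deserves manual review (empty = none)."""
    try:
        job = plistlib.loads(raw)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unexpected plist structure"]
    # launchd accepts either ProgramArguments (list) or Program (single path).
    argv = job.get("ProgramArguments") or [job.get("Program", "")]
    argv = [str(a) for a in argv if a]
    reasons = []
    # KeepAlive may be a bool or a dict of conditions; either keeps the job resident.
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        reasons.append("persistent: started at login or restarted by launchd")
    hits = [a for a in argv if any(h in a.lower() for h in JAVA_HINTS)]
    if hits:
        reasons.append("launches Java: " + " ".join(hits))
    # Report only jobs that are both persistent and Java based.
    return reasons if len(reasons) == 2 else []

def scan(directory: Path) -> dict[str, list[str]]:
    """Audit every plist in a LaunchAgents directory and return the flagged ones."""
    flagged = {}
    for plist in sorted(directory.glob("*.plist")):
        reasons = audit_launch_agent(plist.read_bytes())
        if reasons:
            flagged[plist.name] = reasons
    return flagged

# Constructed sample agent (label and paths are made up, not taken from the malware).
SAMPLE = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/usr/bin/java", "-jar",
                         "/Users/example/Library/Application Support/example/helper.jar"],
    "RunAtLoad": True,
    "KeepAlive": True,
})

if __name__ == "__main__":
    for name, reasons in scan(Path.home() / "Library/LaunchAgents").items():
        print(name, *reasons, sep="\n  ")
```

A flagged entry is only a prompt for review: legitimate Java software can install agents like this too, so check where the referenced file came from before removing anything.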

Source: CNET