A FOREX trading website was injected with a malicious Java applet designed to drop a malware file on visitors' systems.
A popular FOREX (foreign exchange market) website called "Trading Forex" (tradingforex.com) has been infected with malware, according to a WebSense report.
[Screenshot: Injected applet code]
The backdoor dropped from the Trading Forex website is written in Visual Basic .NET and requires Microsoft's .NET framework to be installed and operational on the victim's computer. It seems the attackers target only those who use the .NET framework, or perhaps they only know .NET coding?!
This is not the usual Java exploit JAR. It is a simple Java file that loads an exe file hosted on the malware site.
"Basically the Java code is just another Java loader which requires user interaction to successfully load the binary file '123.exe'. One interesting point in the screenshot above is that we can also see in the MANIFEST-INF that the Java applet has been signed with a certificate," the researcher said.
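
A defender's triage of the loader described above, as an added example that is not from the original report: it finds applet tags in a page, checks a JAR for signature block files and lists the .exe names its classes mention. The sample page and JAR, and the names Loader.class, loader.jar and SIGNER, are constructed for illustration; only 123.exe comes from the quote.

```python
import io
import re
import zipfile
from html.parser import HTMLParser

# Signature block files that jarsigner writes under META-INF/ in a signed JAR.
SIG_RE = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)
# Printable byte strings ending in .exe (e.g. constant-pool text in a class).
EXE_RE = re.compile(rb"[\x21-\x7e]+\.exe", re.IGNORECASE)

class AppletFinder(HTMLParser):
    """Collect the attributes of every <applet> tag in a page."""
    def __init__(self):
        super().__init__()
        self.applets = []

    def handle_starttag(self, tag, attrs):
        if tag == "applet":
            self.applets.append(dict(attrs))

def find_applets(html):
    # Return (code, archive) pairs so injected applets can be reviewed.
    finder = AppletFinder()
    finder.feed(html)
    return [(a.get("code"), a.get("archive")) for a in finder.applets]

def triage_jar(jar_bytes):
    """Report whether a JAR is signed and which .exe names its classes mention."""
    signers, exe_refs = [], set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if SIG_RE.match(name):
                signers.append(name)
            elif name.endswith(".class"):
                exe_refs.update(m.group().decode("ascii") for m in EXE_RE.finditer(jar.read(name)))
    return {"signed": bool(signers), "signers": sorted(signers), "exe_refs": sorted(exe_refs)}

def build_sample_jar():
    """Constructed sample: a fake 'signed' JAR whose class mentions 123.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("META-INF/SIGNER.SF", "Signature-Version: 1.0\n")
        z.writestr("META-INF/SIGNER.RSA", b"constructed placeholder, not a real signature")
        z.writestr("Loader.class", b"\xca\xfe\xba\xbe\x00\x01\x00\x07123.exe\x01\x00")
    return buf.getvalue()

# Constructed page containing an injected applet tag.
SAMPLE_HTML = '<html><body><applet code="Loader.class" archive="loader.jar"></applet></body></html>'
```

A signature block only shows that the JAR was signed; it says nothing about whether the signer should be trusted.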