Phishing Email with JNLP Attachment Leads to Eventual AzoRult Infection
released on 2021-01-22 @ 08:39:49 PM
Security researcher Xavier Mertens (@xme) recently spotted suspicious emails with attached files that carry the JNLP file extension. JNLP (Java Network Launching Protocol) files are XML files that contain all the information needed to download and execute a Java program. In this investigation, the JNLP file retrieves a simple JAR downloader, which leads to a final AzoRult payload being downloaded and executed.
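Because a JNLP file is plain XML, a defender can read what an attachment would download and launch without running it. The triage sketch below is an added example, not code from the original write-up or the researcher's analysis; the sample descriptor, its host and its file names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlparse

# Constructed sample; host and names are placeholders, not values from the investigation.
SAMPLE_JNLP = """<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://files.example.test/app/" href="invoice.jnlp">
  <information><title>Invoice</title><vendor>Example</vendor></information>
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.6+"/>
    <jar href="viewer.jar" main="true"/>
  </resources>
  <application-desc main-class="Main"/>
</jnlp>"""


def triage_jnlp(text):
    """Return the remote resources and launch settings a JNLP descriptor declares."""
    # Refuse DTDs/entities up front: the attachment is untrusted XML.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD or entity declaration in JNLP; not parsing")
    root = ET.fromstring(text.encode("utf-8"))
    if root.tag != "jnlp":
        raise ValueError("root element is not <jnlp>")
    codebase = root.get("codebase", "")
    if codebase and not codebase.endswith("/"):
        codebase += "/"  # so urljoin treats it as a directory
    # <jar> (and <nativelib>) hrefs are resolved relative to the codebase.
    jars = [urljoin(codebase, el.get("href", ""))
            for el in root.iter() if el.tag in ("jar", "nativelib")]
    app = root.find("application-desc")
    findings = {
        "codebase": codebase,
        "jar_urls": jars,
        "main_class": app.get("main-class") if app is not None else None,
        "all_permissions": root.find("security/all-permissions") is not None,
        "hosts": sorted({urlparse(u).hostname for u in jars if urlparse(u).hostname}),
    }
    findings["remote_code"] = any(
        urlparse(u).scheme in ("http", "https") for u in jars)
    return findings


if __name__ == "__main__":
    for key, value in triage_jnlp(SAMPLE_JNLP).items():
        print(f"{key}: {value}")
```

The `hosts` and `jar_urls` fields are the values to pivot on in proxy and DNS logs, and `all_permissions` shows whether the descriptor asks to run outside the Java sandbox.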