From ehackingnews.com
A java downloader going by the extension “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar” has been recently detected. Drawing inferences from its name, researchers suspected it to be associated with COVID-19 themed phishing attacks.
Running this file led to the download of an undetected malware sample that is written in Node.js; Node.js is an open-source, cross-platform, Javascript runtime environment that executes Javascript code outside of a browser and as it is primarily designed for web server development, there’s a very less probability of it being already installed onto systems.