A new highly obfuscated malware dubbed Qealler designed to steal sensitive information from the infected machine. The malware is written in java.
The initial attack starts with social engineering technique, attackers send the victim a malicious JAR file disguised as an invoice-related file, when the user double-clicks to open the file, then malware will get downloaded from a compromised site.
Zscaler initially observed the campaign on Jan 21, 2019, and the malware is active for more than 2 weeks.
The JAR files were heavily obfuscated using an open source command-line tool ProGuard that shrinks, optimizes and obfuscates Java code.