APT / THREAT GROUP
Verblecon
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
This malware seems to be used for attacks installing cryptocurrency miners on infected machines. Other indicators leads to the assumption that attackers may also use this malware for other purposes (e.g. stealing access tokens for Discord chat app). Symantec describes this malware as complex and powerful: The malware is loaded as a server-side polymorphic JAR file.
Threat Analysis
Verblecon is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
jar.verbleconVerblecon
External Intelligence
Malpedia: jar.verbleconResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.