HOMETHREATSVerblecon
APT / THREAT GROUP

Verblecon

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

This malware seems to be used for attacks installing cryptocurrency miners on infected machines. Other indicators leads to the assumption that attackers may also use this malware for other purposes (e.g. stealing access tokens for Discord chat app). Symantec describes this malware as complex and powerful: The malware is loaded as a server-side polymorphic JAR file.

Threat Analysis

Verblecon is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

jar.verbleconVerblecon

External Intelligence

Malpedia: jar.verblecon

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Verblecon — APT / Threat Group | Threat Intelligence | CTIWATCH.COM