<\/a><\/figure>\n\n\n\n
“The above suggests that there may be one other version of the malicious installer (SHA1: b8e97333fc1b5cd29a71299a8f82a541cabf4d59) and one other malicious\u00a0fffmpeg.exe<\/code>\u00a0(SHA1: b9d13055766d792abaf1d11f18c6ee7618155a0e). These binaries were first seen on the VirusTotal platform April 1, 2024.”<\/em><\/gwmw><\/p>\n\n\n\n
The researchers discovered<\/gwmw> two malicious JAVS Viewer packages on the vendor\u2019s server, they were signed with a certificate issued on February 10.<\/p>\n\n\n\n
On April 2, 2024, the X user @2RunJack2 first reported of the implant distributed by the official JAVS downloads page. <\/p>\n\n\n\n