Exploit:Java/Blacole.X is a malicious Java applet that exploits the vulnerability described in CVE-2010-0840. Successful exploitation may lead to remote code execution.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
Installation
Exploit:Java/Blacole.X has been observed being distributed by the "Blackhole" exploit kit. A computer can be exposed to it simply by visiting a webpage that contains the kit's malicious code.
The exploit is bundled within a JAR file together with several Java class files, as in the following example:
Option.class
Parser.class
SmartyPointer.class - detected as Exploit:Java/Blacole.X
ThreadParser.class
XML.class
Payload
The exploit performs a privilege escalation on vulnerable versions of the Java Runtime Environment for Windows, up to and including version 6 update 18 (CVE-2010-0840 was fixed in Java 6 update 19). Once it escapes the Java sandbox and gains unrestricted access to the host system, the applet attempts to download additional malware. The download URL is passed to the applet as a parameter in the HTML that embeds it, obfuscated with a transposition cipher rather than stored in the clear.
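As an added example (not code from the original page), the following Python triage helpers cover the two artifacts described above: the JAR listing under "Installation" and the applet parameter that carries the enciphered download URL. Everything in it beyond the listed class names is constructed: the sample landing page, the hostname, the parameter name, the JAR with placeholder class bodies, and the cipher itself, which is a fixed block permutation standing in for the transposition scheme the page does not detail. An analyst with a captured landing page and JAR would swap in the recovered permutation.

```python
import io
import re
import zipfile
from html.parser import HTMLParser

# Class names the page lists for the Blacole.X JAR (SmartyPointer.class is the flagged one).
BLACOLE_X_CLASSES = {"Option.class", "Parser.class", "SmartyPointer.class",
                     "ThreadParser.class", "XML.class"}
JAVA_CLASS_MAGIC = b"\xca\xfe\xba\xbe"
URL_RE = re.compile(r"^https?://[\w.-]+(?:/\S*)?$")
PAD = "#"  # padding character of the stand-in cipher (assumption, not Blacole.X's)


class AppletParser(HTMLParser):
    """Collect <applet>/<object>/<embed> tags together with their <param> children."""
    def __init__(self):
        super().__init__()
        self.applets, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("applet", "object", "embed"):
            self._cur = {"attrs": a, "params": {}}
            self.applets.append(self._cur)
        elif tag == "param" and self._cur is not None:
            self._cur["params"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag in ("applet", "object", "embed"):
            self._cur = None


def extract_applets(page_html):
    p = AppletParser()
    p.feed(page_html)
    return p.applets


def triage_jar(jar_bytes):
    """Match entry names against the listed class set; flag .class entries lacking class magic."""
    report = {"matched": [], "bogus_class_entries": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            if name in BLACOLE_X_CLASSES:
                report["matched"].append(name)
            if name.endswith(".class") and zf.read(info)[:4] != JAVA_CLASS_MAGIC:
                report["bogus_class_entries"].append(info.filename)
    report["matched"].sort()
    return report


# Stand-in transposition cipher: one fixed permutation applied to each block of len(key)
# characters. The actual Blacole.X scheme is not described on the page.
def transpose_encode(text, key):
    n = len(key)
    text += PAD * (-len(text) % n)
    return "".join(text[i + k] for i in range(0, len(text), n) for k in key)


def transpose_decode(cipher, key):
    n = len(key)
    if len(cipher) % n:
        raise ValueError("length is not a multiple of the block size")
    inv = [0] * n  # inverse permutation: where each plaintext position went
    for pos, k in enumerate(key):
        inv[k] = pos
    plain = "".join(cipher[i + inv[j]] for i in range(0, len(cipher), n) for j in range(n))
    return plain.rstrip(PAD)  # a real URL ending in PAD would lose it; acceptable for triage


def recover_download_urls(page_html, key):
    """Try every applet parameter as ciphertext and keep the decodes that look like URLs."""
    hits = []
    for applet in extract_applets(page_html):
        for name, value in applet["params"].items():
            try:
                plain = transpose_decode(value, key)
            except ValueError:
                continue  # wrong length for this key: not the enciphered parameter
            if URL_RE.match(plain):
                hits.append((applet["attrs"].get("archive", ""), name, plain))
    return hits


def build_sample_jar(names, body=JAVA_CLASS_MAGIC + b"\x00" * 12):
    """Constructed stand-in JAR: entries carry the class magic but no real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for n in names:
            zf.writestr(n, body)
    return buf.getvalue()


# Constructed landing page: hostname, parameter name and key are made up for the example.
SAMPLE_KEY = (2, 0, 3, 1)
SAMPLE_URL = "http://example.invalid/load.exe"
SAMPLE_PAGE = ('<html><body><applet code="SmartyPointer.class" archive="x.jar" width="1" height="1">'
               '<param name="color" value="red">'
               f'<param name="data" value="{transpose_encode(SAMPLE_URL, SAMPLE_KEY)}"></applet></body></html>')
```

Calling `triage_jar(build_sample_jar(sorted(BLACOLE_X_CLASSES)))` reports all five listed names matched and no bogus entries; `recover_download_urls(SAMPLE_PAGE, SAMPLE_KEY)` returns the archive name, the parameter that held the ciphertext, and the recovered URL. Trying every parameter rather than a fixed name matters because the kit can rename the parameter freely; the URL-shape filter is what separates the real payload parameter from decoys such as the "color" value above.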