What is JellyfishLoader
JellyfishLoader is a newly discovered malware that poses a significant threat, especially with the upcoming 2024 Olympics in Paris. This malicious software is a .NET-based shellcode downloader masquerading as a Windows shortcut file, commonly distributed through phishing campaigns. Upon execution, it downloads and runs additional malicious payloads, making it a versatile and dangerous tool for cyber attackers. Notably, JellyfishLoader shares code similarities with malware used in previous Olympic cyberattacks, indicating a potential link to the same threat actors. It leverages asynchronous operations and efficient SSL certificate validation to ensure secure communication with its command and control server. Additionally, it collects detailed system information and employs Base64 encryption to transmit this data to its operators. Vigilance and robust anti-malware solutions are critical in detecting and mitigating the risks posed by JellyfishLoader.
How JellyfishLoader infected your system
JellyfishLoader primarily infiltrates computers through sophisticated phishing or spear-phishing campaigns. The initial infection vector involves a double-extended zip archive, such as “Lisa.pdf.zip,” which contains a file named “Lisa.pdf.lnk” masquerading as a harmless PDF document. When the user opens this file, a script is executed that initiates the download of the JellyfishLoader payload via a command to “mshta.exe.” The payload, a .NET executable named “BinSvc.exe,” is subsequently downloaded and executed, embedding itself in the system by creating a persistence mechanism in the Windows registry. Once active, JellyfishLoader collects detailed system information and establishes communication with a command and control (C2) server, allowing remote attackers to execute further malicious actions. This malware’s sophisticated fingerprinting and secure communication methods make it particularly adept at evading traditional detection mechanisms.
- Download JellyfishLoader Removal Tool
- Use Windows Malicious Software Removal Tool to remove JellyfishLoader
- Use Autoruns to remove JellyfishLoader
- Files, folders and registry keys of JellyfishLoader
- Other aliases of JellyfishLoader
- How to protect from threats, like JellyfishLoader
Download Removal Tool
To remove JellyfishLoader completely, we recommend you to use SpyHunter 5. It can help you remove files, folders, and registry keys of JellyfishLoader and provides active protection from viruses, trojans, backdoors. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.
Download Alternative Removal Tool
To remove JellyfishLoader completely, we recommend you to use Malwarebytes Anti-Malware. It detects and removes all files, folders, and registry keys of JellyfishLoader and several millions of other malware, like viruses, trojans, backdoors.
Remove JellyfishLoader manually
Manual removal of JellyfishLoader by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.
Remove JellyfishLoader using Windows Malicious Software Removal Tool
- Type
mrtin the search box near Start Menu. - Run mrt clicking on found item.
- Click Next button.
- Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
- Click Next button.
- Click on View detailed results of the scan link to view the scan details.
- Click Finish button.
Remove JellyfishLoader using Autoruns
JellyfishLoader often sets up to run at Windows startup as an Autorun entry or Scheduled task.
- Download Autoruns using this link.
- Extract the archive and run Autoruns.exe file.
- In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
- Search for suspicious entries with weird names or running from locations like:
C:\{username}\AppData\Roaming. - Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
- Switch to Scheduled Tasks tab and do the same.
- To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.
Remove files, folder and registry keys of JellyfishLoader JellyfishLoader files and folders
{randomname}.exe
JellyfishLoader registry keys
no information
Aliases of JellyfishLoader no information How to protect from threats, like JellyfishLoader, in future
Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove JellyfishLoader. However, if you got infected with JellyfishLoader with existing and updated security software, you may consider changing it. To feel safe and protect your PC from JellyfishLoader on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below:
