Many users are rushing these days to update their Java installations to protect themselves against cyberattacks that leverage the exploit affecting Java 7 Update 10. However, experts warn that users should be careful where they get their updates from.Trend Micro researchers have come across a piece of malware disguised as “Java Update 11.” The fake update file, javaupdate11.jar, contains a class file called javaupdate11.class, which downloads and executes a backdoor malware.
Once it steps into play, the backdoor allows the attackers to take control of the infected computers.
The malware itself does not exploit the latest Java vulnerability. Instead, cybercriminals are simply leveraging its reputation to lure internauts to their website and get them to install the malicious application without giving it another thought.
Users are advised to download the latest version of Java only from trusted sources. Those who don’t need it are recommended to uninstall it from their systems altogether.