(I'm posting about the invoice jars in this thread because it's the only thread on bitcointalk that mentions it)
It's not just cloudhashing.com, it seems as though somebody got into the mailing servers (or at least spoofed them, but it looks legit) of various large/largish bitcoin websites. I got one from btc-e.
I got an email from both btc-e.com and cloudhashing.com with this invoice_772.jar
Actually, cloudhashing.com was invoice_773.jar
The "From" header in an email is not authenticated in any way.
These emails are being sent from compromised servers through the smtp.com email service.
Please forward the phishing email to abuse@smtp.com

The .jar file contains a packed (i.e. disguised) trojan.
Whoever is doing this is rapidly modifying their technique and constantly changing the packing format.
It takes about 2 weeks for major AV products to update their signatures each time the attacker updates it, which unfortunately makes them basically useless.
tl;dr don't execute email attachments ending in .jar, antivirus can't help you with this one!
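
A signature-independent triage check for the two points raised in the posts above, added here as an example and not part of the original thread: it flags any attachment that is a Java archive by name or by content, and reports whether the unauthenticated From domain matches the envelope sender. The sample message, its domains and the function names are constructed for illustration, and a domain mismatch is only a signal, since legitimate mail sent through a relay service can differ too.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

def build_sample(filename: str = "invoice_0001.jar") -> bytes:
    """Constructed sample: an 'invoice' mail carrying a tiny JAR-shaped ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: A\n")
        z.writestr("A.class", b"\xca\xfe\xba\xbe" + b"\x00" * 8)
    msg = EmailMessage()
    msg["From"] = "Billing <billing@exchange.example>"   # placeholder domain
    msg["Return-Path"] = "<bounce@mailer.example>"       # placeholder envelope sender
    msg["Subject"] = "Invoice"
    msg.set_content("See attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def domain_of(header) -> str:
    """Lower-cased domain of the address in a header ('' if the header is absent)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def looks_like_jar(data: bytes) -> bool:
    """A JAR is a ZIP with a manifest or .class entries, whatever the file is called."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)

def triage(raw: bytes) -> dict:
    """Report sender-domain alignment and any Java-archive attachments in one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    jars = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".jar") or looks_like_jar(data):
            jars.append(name)
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "aligned": bool(from_dom) and from_dom == env_dom,
            "java_attachments": jars}

if __name__ == "__main__":
    print(triage(build_sample()))
```

Because the check looks at the container format and not at the payload, repacking the trojan inside the archive does not change the result.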