About Java Applets: Java applets are executed in a sandbox by most web browsers, preventing them from accessing local data like the clipboard or file system. If the code rquires those rights, the user has to allow it (manually by clicking “run”). The code of the applet is downloaded from a web server, after which the browser either embeds the applet into a web page or opens a new window showing the applet's user interface.
About Java Exploits: Java exploits represent a common attack vector used by the bad guys to infiltrate vulnerable computers via the web browser. The default security level for Java applets and web start applications has been increased from “Medium” to “High”. This affects the conditions under which Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation. This security enhancement eliminates the risk of silent exploitation using drive-by attacks via unsigned applets, which were possible before Java 7 update 11. This leaves attackers with no choice but to use social engineering techniques to convince users to click the Run button on the security warning dialog.
LUCY uses a signed Java Applet with its own company name. This is what users will see when they open a page that has an Applet Dropper activated:
Starting with 3.3 there are two types of applets available:
In case you picked the java dropper, please make sure you pick a path where the browser is allowed to write & execute files (like /temp folder):
In case you selected the java dropper, you still need to select the malware simulation that should be loaded & executed when the applet on landing page template is activated.