Several of the string manipulation techniques that are used to obfuscate JavaScript and ActionScript content are also used within Java. This allows for trivial obfuscation of some of the strings commonly used in malicious Java content. Commercial tools are also being used to protect/obfuscate the code. Blackhole Java components have aggressively used these simple string obfuscation techniques in an attempt to evade detection. Despite these efforts it is perhaps ironic that during the same period, the filenames often used for the JAR and class files were quite recognisable.”]
Source: https://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-12/