New wave of JSOutProx malware targeting financial companies in Asia Pacific and MENA

ReportApril 5, 2024Editorial DepartmentCyber ​​espionage/cyber security

JSOutProx malware

Financial organizations in Asia Pacific (APAC) and the Middle East and North Africa (MENA) are being targeted by new versions of “evolving threats” JSOutProx.

“JSOutProx is a sophisticated attack framework that leverages JavaScript and .NET,” Resecurity said in a technical report released this week.

“It leverages .NET (des)serialization capabilities to interact with core JavaScript modules running on the victim’s computer. Once executed, the malware causes the framework to load various plugins to perform other malicious activities on the target.”

First discovered by Yoroi in December 2019, early attacks distributing JSOutProx were attributed to threat actors tracked as Solar Spider. Strike operating records of banks and other large companies in Asia and Europe.

In late 2021, Quick Heal Security Lab detailed an attack using a remote access Trojan (RAT) to specifically target employees of small financial banks in India. As early as April 2020, other campaign waves targeted Indian government institutions.

Internet security

The attack chain is known to utilize spear phishing emails with malicious JavaScript attachments disguised as PDF and ZIP files containing malicious HTA files to deploy heavily obfuscated implants.

Quick Heal noted: “The malware has various plug-ins to perform various operations, such as data exfiltration and file system operations.” [PDF] then. “Beyond that, it has a variety of attack-capable methods that can perform a variety of operations.”

These plug-ins enable them to obtain extensive information from infected hosts, control proxy settings, capture clipboard contents, access Microsoft Outlook account details, and collect one-time passwords from Symantec VIPs. A unique feature of this malware is the use of cookie header fields for command and control (C2) communications.

JSOutProx also represents the fact that it is a fully functional RAT implemented in JavaScript.

“JavaScript simply does not provide as much flexibility as PE files,” Fortinet FortiGuard Labs said in a December 2020 report describing a campaign targeting the monetary and financial sectors of Asian governments.

“However, since many websites use JavaScript, it appears to be benign to most users, as individuals with basic security knowledge are taught to avoid opening attachments ending in .exe. Additionally, since JavaScript code can be obfuscated , so it can easily bypass antivirus detection, allowing it to filter without being detected.”

The latest set of attacks documented by Resecurity involves using fake SWIFT or MoneyGram payment notifications to trick email recipients into executing malicious code. The activity is said to have spiked starting on February 8, 2024.

These artifacts have been observed being hosted on GitHub and GitLab repositories, but have since been blocked and removed.

“Once the malicious code is successfully delivered, the attacker deletes the repository and creates a new one,” the cybersecurity firm said. “This tactic may be consistent with the tactics used by attackers to manage multiple malicious payloads and differentiate targets. It’s about the way.”

Internet security

Resecurity believes that the exact origins of the electronic criminal organization behind the malware are currently unclear, but the distribution of victims in the attacks and the complexity of the implants suggest that they originate from or are connected to China.

The development comes as cybercriminals are promoting new software on the dark web called GEOBOX, which repurposes Raspberry Pi devices for fraud and anonymization.

For just $80 per month (or $700 for a lifetime license), the tool allows carriers to spoof GPS locations, emulate specific network and software settings, mimic settings of known Wi-Fi access points, and bypass anti-spoofing filter.

Such tools can create serious security risks because they open the door to a variety of criminal activities, such as state-sponsored attacks, corporate espionage, darknet market operations, financial fraud, anonymous distribution of malware, and even access to geofences content.

“GEOBOX’s ease of access raises serious concerns in the cybersecurity community about its potential for widespread adoption among a variety of threat actors,” Resecurity said.

Did you find this article interesting?follow us Twitter and LinkedIn to read more exclusive content from us.



Source link



from Tech Empire Solutions https://techempiresolutions.com/new-wave-of-jsoutprox-malware-targeting-financial-companies-in-asia-pacific-and-mena/
via https://techempiresolutions.com/

from Tech Empire Solutions https://techempiresolutions.blogspot.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html
via https://techempiresolutions.com/

Comments

Post a Comment

Popular posts from this blog

Perfecta grill uses AI to help cook steaks in 90 seconds

Image
CES is increasingly becoming a barbecue show, and companies are constantly looking for ways to bring more technology to your deck or patio. One company adding artificial intelligence technology to its spice racks is Seergerills, a British startup made up of engineers and product developers. Its flagship model, the Perfecta, can cook a one-inch-thick rib-eye steak in 90 seconds. Overall, the company says the grill looks more like a see-through countertop oven and cooks food about 10 times faster than traditional cooking methods. Inside, dual vertical infrared burners cook both sides simultaneously, which not only speeds up the process but also eliminates the need for flipping. Seergerills says the burner has a maximum temperature of 1,652 degrees Fahrenheit, and the unit even ensures crisp edges thanks to 360-degree heating. The built-in artificial intelligence chef calculates the appropriate cooking time and temperature based on the food, taking into account the desired degree of done
Read more

John Wick heads to Vegas to visit interactive attractions

Image
image: Lionsgate If you’ve ever wanted to fully immerse yourself in John Wick , Lionsgate has got you covered. Later this year, action series is becoming “immersive and interactive” tourist attractions In Las Vegas. Grace Byers on horror and comedy in ‘The Dark’ According to the press release, John Wick Experience Produced in collaboration with series director Chad Stahelski and his production company 87Eleven. The 12,000-square-foot exhibit at the city’s AREA15 campus lets visitors “experience high-stakes adventures and visit themed bars and retail stores open to the public.” Guests will be given specific tasks involving characters and images from the film. They’ll also rub shoulders with Continental employees, crime bosses, and other assassins who (presumably) don’t come into contact with Wick’s bad side at any point in the movie, all in an effort to gain access to private Continental areas and learn about the interesting secret. Jenefer Brown, exec
Read more

Ford prepares for next war, Waymo recalls its self-driving car software, another self-driving startup lays off employees

Image
TechCrunch Mobility is a weekly newsletter dedicated to all things transportation. Sign up here – just click TechCrunch Mobility – and get the newsletter in your inbox every weekend. Subscription is free. welcome back TechCrunch Mobile — A central hub for news and insights about the future of transportation.This week’s news includes BMW Security breach exposes sensitive information, federal agencies fight back against Tesla super bowl ad and a new federal investigation Fisker . But first, I want to talk about my recent visit to the law, where I met some people Ford Executives understand their priorities for 2024 and beyond. It can be said with certainty Chinese electric vehicle manufacturer and Tesla is the most important; in the view of Ford executives, low-cost electric vehicles and cutting-edge software are the best ways to stop these threats. The company’s recently revealed Skunk Works project for electric vehicles is tasked with this task. Ford Chief Financial Officer J
Read more