
JSOutProx Malware Strikes Financial Firms in Asia and Middle East

TLDR:

  • Financial organizations in APAC and MENA are being targeted by new malware called JSOutProx
  • The malware utilizes JavaScript and .NET to conduct sophisticated attacks

A new version of the JSOutProx malware is targeting financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) regions. The malware uses JavaScript and .NET to conduct sophisticated attacks and can load various plugins to carry out malicious activities on targeted machines. It has been linked to threat actors such as Solar Spider and has been used in campaigns targeting banks and government establishments in India. One of the unique features of JSOutProx is its use of the Cookie header field for command-and-control communications, which makes it harder to detect. The latest attacks use fake SWIFT or MoneyGram payment notifications to trick recipients into executing malicious code, with artifacts hosted on GitHub and GitLab repositories. The origins of the e-crime group behind the malware are currently unknown, but the sophistication of the implant suggests ties to China. In addition, cyber criminals are promoting new software called GEOBOX on the dark web, which raises serious security concerns because of its potential for widespread adoption among various threat actors.

