The threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East. Resecurity, a cybersecurity services firm, is analyzing technical details of multiple instances of the malware targeting financial customers. When the malware is targeting an enterprise, it delivers a fake SWIFT payment notification, and when it is targeting private citizens, it uses a MoneyGram template.
The threat group has targeted financial organizations in the Philippines, Laos, Singapore, Malaysia, India, and now Saudi Arabia. The group has also targeted government organizations in India and Taiwan. The newest version of the malware is well-organized and flexible, allowing the attackers to tailor it to the victim’s specific environment. The attacks are the latest campaign by a cybercriminal group known as Solar Spider, and based on the group’s targets, it is likely linked to China, according to Resecurity.
Read More: Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms