Financial Institutions in APAC and MENA Facing New Wave of JSOutProx Malware

Published:

spot_img

Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are under siege by a new cybersecurity threat known as JSOutProx. Resecurity, in a recent technical report, described JSOutProx as a sophisticated attack framework that combines JavaScript and .NET to carry out malicious activities on victims’ machines.

Initially discovered in December 2019 by Yoroi, JSOutProx has been linked to Solar Spider, a threat actor with a history of targeting banks and major companies in Asia and Europe. Recent attacks have focused on small finance banks in India and government establishments, using spear-phishing emails with malicious JavaScript attachments.

The malware, which acts as a remote access trojan (RAT), can exfiltrate data, manipulate files, control proxy settings, and access sensitive information like Microsoft Outlook account details and Symantec VIP passwords. A unique aspect of JSOutProx is its use of the Cookie header field for command-and-control communications.

Resecurity reported a surge in JSOutProx attacks starting February 8, 2024, with cyber criminals distributing fake payment notifications to trick recipients into executing the malicious code. The attackers have been hosting the malware on GitHub and GitLab repositories before taking them down and creating new ones to avoid detection.

While the exact origins of the e-crime group behind JSOutProx remain unknown, Resecurity believes they may have connections to China. This development coincides with the emergence of GEOBOX, a new tool on the dark web that repurposes Raspberry Pi devices for fraudulent activities.

The cybersecurity community is concerned about the widespread adoption of GEOBOX, as it could enable various threat actors to engage in state-sponsored attacks, financial fraud, and other illegal activities. The evolution of cyber threats like JSOutProx and tools like GEOBOX underscores the importance of robust cybersecurity measures for organizations in the financial sector.

spot_img

Related articles

Recent articles

Victoria’s Secret Website Temporarily Offline Due to Security Breach

The Victoria’s Secret website is currently offline due to a recent security incident, marking another significant cyber event affecting the retail industry....

TGS to Join 2025 U.S.-Africa Energy Forum as Data Activity in Africa Grows

U.S.-Africa Energy Forum: A Platform for Innovation and Investment Introduction to the Forum The U.S.-Africa Energy Forum (USAEF) is set to take place in Houston on...

Victoria’s Secret Faces Outage After Cybersecurity Breach

Victoria’s Secret Faces Disruption Amid Cybersecurity Incident Victoria’s Secret, a leading name in lingerie and fashion, is currently navigating significant disruptions following a cybersecurity incident...

FortiGuard Uncovers Ongoing Cyberattack Threatening Middle Eastern Infrastructure

Unmasking the Threat: A Focus on Lumma Stealer and Cybersecurity Resilience Understanding the Malware Landscape In an increasingly interconnected world, the prevalence of cyber threats continues...