Sophisticated Threat Group Releases New Version of JSOutProx Malware targeting Middle East Organizations

A notorious threat group known as Solar Spider has unleashed a new and highly sophisticated version of the JSOutProx malware, targeting organizations in the Middle East, particularly in Saudi Arabia. Cybersecurity experts from Resecurity have identified the latest iteration of the malicious JavaScript remote access Trojan (RAT) as a highly adaptable and well-structured program designed to infiltrate and compromise specific environments with ease.

According to Resecurity CEO Gene Yoo, the new JSOutProx variant operates as a multi-stage malware implant with various plug-ins that enable the attackers to tailor their attacks according to the victim’s infrastructure. The threat group has been traced back to China based on its previous targets in regions like India, the Asia-Pacific, Africa, and the Middle East.

Visa has previously documented campaigns utilizing the JSOutProx attack tool, highlighting its ability to evade detection by security systems and extract sensitive financial information from targeted institutions. The malware typically disguises itself as a PDF file within a zip archive and executes JavaScript once opened, initiating a two-stage attack that can lead to the theft of crucial data.

As Solar Spider continues to target high-profile organizations, Visa urges companies to educate their employees on identifying and handling suspicious emails to prevent malware infections. By implementing robust defense-in-depth strategies, such as regular patching, network segmentation, and vulnerability management, businesses can mitigate the risk posed by sophisticated threat groups like Solar Spider and protect their valuable data from falling into the wrong hands.