The sophisticated threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East.
Cybersecurity services firm Resecurity analyzed technical details of multiple incidents involving the JSOutProx malware targeting financial customers and delivering either a fake SWIFT payment notification if targeting an enterprise, or a MoneyGram template when targeting private citizens, the company wrote in a report published this week. The threat group has targeted government organizations in India and Taiwan, as well as financial organizations in the Philippines, Laos, Singapore, Malaysia, India — and now Saudi Arabia.