Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Visa warns dangerous new malware is attacking financial firms

Trojan.

Visa is warning its partners, clients, and customers, of an ongoing phishing attack that aims to deliver a banking trojan. 

The Visa Payment Fraud Disruption (PDF) unit sent out a security alert to card issuers, processors, and acquirers, noting it had observed a new phishing campaign that started in late March this year. 

The campaign targets mostly financial institutions in South and Southeast Asia, the Middle East, and Africa, and aims to drop a new version of the banking trojan called JsOutProx. "While PFD could not confirm the ultimate goal of the recently identified malware campaign, this eCrime group may have previously targeted financial institutions to conduct fraudulent activity."

Impersonating legitimate institutions

Unfortunately, we don’t know the name of the threat actor behind the campaign, or the number of companies that fell victim. The researchers speculate, based on the sophistication of the attacks, the profile of the victims, and their geographical location, that the attackers are most likely China-based, or at least China-affiliated.

We also know is that JsOutProx is a remote access trojan that was first spotted in late 2019, and is described as a “highly obfuscated” JavaScript backdoor that allows its users to run shell commands, download additional malware, run files, grab screenshots, control various peripherals, and establish persistence on the target endpoint. It’s hosted on a GitLab repository, apparently.

In the phishing emails, the attackers are impersonating legitimate institutions, showing victims fake SWIFT and MoneyGram payment notifications.

Phishing remains one of the most lucrative ways to deploy malware. It’s cheap and easily scalable, and now with the help of generative artificial intelligence, relatively difficult to spot. IT teams are advised to educate their employees to identify a phishing attack, as well as to install email security software, firewalls, and antivirus tools.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.