Iqembu eliyinkimbinkimbi elisongelayo elilandela i-JavaScript eyinkimbinkimbi yokufinyelela kude iTrojani (i-RAT) eyaziwa ngokuthi i-JSOutProx ikhiphe inguqulo entsha yohlelo olungayilungele ikhompuyutha ukuze iqondise izinhlangano zaseMpumalanga Ephakathi.
Inkampani yamasevisi e-Cybersecurity Resecurity ihlaziye imininingwane yobuchwepheshe yezehlakalo eziningi ezibandakanya uhlelo olungayilungele ikhompuyutha lwe-JSOutProx oluqondiswe kumakhasimende ezezimali kanye nokuletha isaziso sokukhokha se-SWIFT esingumgunyathi uma siqondise ibhizinisi, noma ithempulethi ye-MoneyGram lapho iqondise izakhamuzi ezizimele, inkampani ibhale embikweni oshicilelwe kuleli sonto. Iqembu elisongelayo liqondise izinhlangano zikahulumeni eNdiya naseTaiwan, kanye nezinhlangano zezezimali ePhilippines, Laos, Singapore, Malaysia, India - futhi manje I-Saudi Arabia.
Inguqulo entsha ye-JSOutProx iwuhlelo oluvumelana nezimo kakhulu futhi oluhleleke kahle ngokombono wentuthuko, oluvumela abahlaseli ukuthi balungise umsebenzi wendawo ethile yesisulu, kusho u-Gene Yoo, oyi-CEO yakwaResecurity.
“Ukufakwa kwe-malware enezigaba eziningi, futhi inama-plug-in amaningi,” usho kanje. “Ngokuya ngendawo yesisulu, ingena ngqo bese iyazikhipha igazi noma ifake ubuthi endaweni ezungezile, kuya ngokuthi iziphi izixhumi ezifakwe amandla.”
Lokhu kuhlasela kuwumkhankaso wakamuva weqembu lezigebengu ze-inthanethi elaziwa nge-Solar Spider, okubonakala kuyilona kuphela iqembu elisebenzisa uhlelo olungayilungele ikhompuyutha lwe-JSOutProx. Ngokusekelwe kulokho okuhloswe yiqembu - ngokuvamile izinhlangano e-India, kodwa nase-Asia-Pacific, Afrika, kanye Izifunda zaseMpumalanga Ephakathi - kungenzeka ukuthi ixhumene neChina, Ukuvikeleka kushiwo ekuhlaziyeni kwakho.
"Ngokwenza iphrofayela esihlosiwe, neminye imininingwane esiyithole engqalasizinda, sisola ukuthi ihlobene neChina," kusho u-Yoo.
"I-Obfusified Kakhulu ... I-plug-in ye-Modular"
I-JSOutProx yaziwa kakhulu embonini yezezimali. I-Visa, ngokwesibonelo, imikhankaso ebhaliwe esebenzisa ithuluzi lokuhlasela ngo-2023, okuhlanganisa eyodwa ekhonjwe emabhange amaningana esifundeni sase-Asia-Pacific, inkampani yathi Umbiko wayo Wezinsongo Zombili oshicilelwe ngoDisemba.
I-Trojan yokufinyelela kude (i-RAT) “iwumnyango ongemuva we-JavaScript ofiphazeke kakhulu, onekhono le-plugin le-modular, engasebenzisa imiyalo yegobolondo, ilande, ilayishe, futhi ikhiphe amafayela, isebenzise uhlelo lwefayela, isungule ukuphikelela, ithathe izithombe-skrini, futhi ilawule ikhibhodi negundane. imicimbi,” kusho i-Visa embikweni wayo. “Lezi zici ezihlukile zivumela uhlelo olungayilungele ikhompuyutha ukuthi lugweme ukutholwa amasistimu okuvikela futhi luthole inkokhelo ebucayi nolwazi lwezezimali oluvela ezikhungweni zezimali eziqondisiwe.
I-JSOutProx ngokuvamile ivela njengefayela le-PDF ledokhumenti yezezimali kungobo yomlando ye-zip. Kepha empeleni, yiJavaScript esebenza lapho isisulu sivula ifayela. Isigaba sokuqala sokuhlasela siqoqa ulwazi kusistimu futhi sixhumane namaseva womyalo nokulawula afiphazwe nge-DNS enamandla. Isigaba sesibili sokuhlasela sidawuniloda noma yimaphi ama-plug-in angu-14 ukuze kuqhutshekwe nokuhlasela, okuhlanganisa ukufinyelela ku-Outlook kanye nohlu loxhumana nabo lomsebenzisi, kanye nokuvumela noma ukukhubaza ama-proxi kusistimu.
I-RAT ilanda ama-plugin ku-GitHub - noma kamuva nje, i-GitLab - ukuze abonakale esemthethweni.
"Ukutholwa kwenguqulo entsha ye-JSOutProx, kuhlanganiswe nokuxhashazwa kwezinkundla ezifana ne-GitHub ne-GitLab, kugcizelela imizamo engapheli yalaba badlali abanonya kanye nokuvumelana okuyinkimbinkimbi," kusho abezokuphepha ekuhlaziyeni kwabo.
Ukwenza Imali Ngedatha Evela Ezezimali Ephakathi EMpumalanga
Uma i-Solar Spider ifaka umsebenzisi engozini, abahlaseli baqoqa imininingwane, njengezinombolo ze-akhawunti eyinhloko nemininingwane yomsebenzisi, bese benza izenzo ezinonya ezihlukahlukene ngokumelene nesisulu, ngokombiko wokusongela kwe-Visa.
"Uhlelo olungayilungele ikhompuyutha lwe-JSOutProx lubeka engcupheni enkulu izikhungo zezezimali emhlabeni jikelele, futhi ikakhulukazi lezo ezisendaweni ye-AP njengoba lezo zinhlangano beziqondiswe kaningi ngalolu hlelo olungayilungele ikhompuyutha," kusho umbiko we-Visa.
Izinkampani kufanele zifundise abasebenzi mayelana nendlela yokusingatha izincwadi ezingacelwanga nezisolisayo ukuze kuncishiswe usongo lohlelo olungayilungele ikhompyutha, kusho i-Visa. Ngaphezu kwalokho, noma yisiphi isenzakalo sohlelo olungayilungele ikhompuyutha kufanele siphenywe futhi silungiswe ngokuphelele ukuze kuvinjelwe ukuphinda kutheleleke.
Izinkampani ezinkulu nezinhlaka zikahulumeni kungenzeka ukuthi zihlaselwe yileli qembu ngoba iSolar Spider ibheka amafemu aphumelele kakhulu, kusho i-Yoo yakwaResecurity. Nokho, ingxenye enkulu, izinkampani akudingeki zithathe izinyathelo eziqondene nosongo kodwa kunalokho zigxile emasu okuvikela ajulile, usho kanje.
"Umsebenzisi kufanele agxile ekungabonini into ecwebezelayo esibhakabhakeni, njengoba amaShayina ehlasela, kodwa kulokho okudingeka bakwenze ukwakha isisekelo esingcono," kusho uYoo. “Ukuba nokuchibiyela okuhle, ukuhlukaniswa kwenethiwekhi, nokuphathwa kobungozi. Uma wenza lokho, akukho kulokhu” okungaba nomthelela kubasebenzisi bakho.
- I-SEO Powered Content & PR Distribution. Khuliswa Namuhla.
- I-PlatoData.Network Vertical Generative Ai. Zinike Amandla. Finyelela Lapha.
- I-PlatoAiStream. I-Web3 Intelligence. Ulwazi Lukhulisiwe. Finyelela Lapha.
- I-PlatoESG. Ikhabhoni, I-CleanTech, Amandla, Environment, Ilanga, Ukuphathwa Kwemfucuza. Finyelela Lapha.
- I-PlatoHealth. I-Biotech kanye ne-Clinical Trials Intelligence. Finyelela Lapha.
- Source: https://www.darkreading.com/threat-intelligence/solar-spider-spins-up-new-malware-to-entrap-saudi-arabian-banks
