silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,148
An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa.
"The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday.
Phishing emails, typically tailored to the victim's interests, are loaded with malicious attachments to activate the infection routine. This takes the form of a Microsoft Cabinet (CAB) archive file containing a Visual Basic Script dropper to deploy the next-stage payload.
Alternatively, it's suspected that the files are distributed via social media platforms such as Facebook and Discord, in some cases even creating bogus accounts to serve ads on pages impersonating legitimate news outlets.
The CAB files, hosted on cloud storage services, also masquerade as sensitive voice recordings to entice the victim into opening the archives, only for the VBScript to be executed, leading to the retrieval of another VBScript file that masks itself as an image file.
Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa
An ongoing cyber attack campaign using cloud storage, social media, and phishing emails to deliver the NjRAT trojan to victims in the Middle East.
thehackernews.com
