In a recent security alert, Visa has cautioned its partners, clients, and customers about a new phishing campaign designed to deliver a banking trojan. The Visa Payment Fraud Disruption (PDF) unit observed the campaign commencing in late March this year, primarily targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The main goal of the campaign is to distribute a new version of the banking trojan known as JsOutProx, although the exact motives of the threat actors remain uncertain.
Impersonating legitimate institutions
The identity of the threat actor behind this phishing campaign is currently unknown, as well as the specific number of organizations impacted. Based on the complexity of the attacks and the geographical focus of the victims, researchers speculate that the attackers may be from China or have affiliations to China. JsOutProx, identified as a remote access trojan in late 2019, possesses advanced features allowing remote control of infected systems and the ability to execute various malicious actions. The malware is distributed through phishing emails impersonating reputable financial institutions, displaying counterfeit SWIFT and MoneyGram payment notifications.
Phishing attacks continue to be a highly effective method for spreading malware due to their cost-effectiveness and scalability. With the advancement of generative artificial intelligence, detecting phishing emails has become more challenging. To mitigate the risk posed by phishing campaigns, organizations are advised to train employees on recognizing phishing attempts and implement robust email security solutions, firewalls, and antivirus tools.
For more cybersecurity news and insights, visit BleepingComputer.
