New JhoneRAT Malware Targets Middle East
2020-01-17 22:01

Researchers are warning of a new remote access trojan, dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East.

Researchers identified three malicious documents distributing JhoneRAT: the oldest, from November 2019, is called "Urgent.docx." The second document is from the beginning of January 2019, named "Fb.docx," and contains usernames and passwords from an alleged "Facebook" leak.

Once the user either opens the document or enables editing, the malicious document then downloads an additional Office document with an embedded macro from Google Drive.

Once the document is downloaded onto Google Drive, a command is then executed to download an image from a new Google Drive link.

Once decoded, the base64 binary is an AutoIT binary, which drops a new file on Google Drive.


News URL

https://threatpost.com/new-jhonerat-malware-targets-middle-east/152002/