Security News > 2023 > January > Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa.

"The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday.

This takes the form of a Microsoft Cabinet archive file containing a Visual Basic Script dropper to deploy the next-stage payload. Alternatively, it's suspected that the files are distributed via social media platforms such as Facebook and Discord, in some cases even creating bogus accounts to serve ads on pages impersonating legitimate news outlets.

The CAB files, hosted on cloud storage services, also masquerade as sensitive voice calls to entice the victim into opening the archive, only for the VBScript to be executed, leading to the retrieval of another VBScript file that masks itself as an image file.

NjRAT, first discovered in 2013, has myriad capabilities that allow the threat actor to harvest sensitive information and gain control over compromised computers.

"This case demonstrates that threat actors will leverage public cloud storage as malware file servers, combined with social engineering techniques appealing to people's sentiments such as regional geopolitical themes as lures, to infect targeted populations," the researchers concluded.

News URL

https://thehackernews.com/2023/01/earth-bogle-campaign-unleashes-njrat.html