BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Trojan NjRAT attacks countries in the Middle East and North Africa


    The Earth Bogle campaign deployed in the Middle East shows the active pace of malware distribution. Middle East geopolitical topics as bait for potential victims are of great importance in spreading the threat.

    The hacker group behind this campaign is using public cloud services to host malicious CAB files. The files have names associated with local geopolitics. Attackers are not shy about methods to induce Arabic speakers to open the infected file.

    One of the malicious CAB files is titled as follows: "Voice conversation between Colonel Omar Amraj, the commander of Tariq bin Ziyad, and an Emirati officer.cab." The attacker uses the bait of a supposedly confidential voice conversation between an Emirati army officer and a member of the Tariq bin Ziyad militia (TBZ), a powerful Libyan group. The title encourages interested victims to open the file and activate the virus.

    These lures are very similar to a campaign uncovered in December 2022 that used Facebook advertising tools to redirect to fake pages of Middle Eastern news outlets.

    “Attackers use public cloud storage such as files[.]fm and failiem[.]lv to host malware. And compromised web servers distribute NjRAT,” Trend Micro said in a report.

    After downloading the malicious CAB file, an obfuscated VBS script is run to extract the malware from the compromised host. It then extracts the PowerShell script responsible for injecting NjRat into the compromised device.

    NjRAT (aka Bladabindi), first discovered in 2013, has many features that allow attackers to collect sensitive information and take control of compromised computers.

    "This case demonstrates that attackers will continue to use public cloud storage in combination with social engineering techniques to distribute malware," the researchers concluded.
    Author DeepWeb
    Kratom
    Payment data of LCBO customers leaked to the darknet

    Comments 0

    Add comment