A new remote access trojan (RAT) has appeared in the Middle East, stealing information from its victims and downloading additional payloads as required. Dubbed “JhoneRAT”, it has been around since November 2019, and it is mainly targeting Arabic-speaking users (by checking the keyboard layout). To keep it safe from discovery, the actors have equipped JhoneRAT with features that make use of Twitter, Google Forms, and Google Drive. Moreover, the new malware was written from scratch, so it uses none of the known code that can be identified and flagged by most AV tools.
