New Web injections campaign steals banking data from 50,000 people

December 19, 2023 at 03:40PM

A new malware campaign, detected by IBM in March 2023, has targeted over 50,000 users across 40 banks globally in an attempt to steal banking data. Using JavaScript web injections, the attackers intercepted user credentials and OTPs, gaining access to accounts, changing settings, and performing unauthorized transactions. The campaign evades detection by delivering its script through tags that resemble legitimate content delivery networks. The malware behaves dynamically, and its association with DanaBot indicates an ongoing threat, so increased caution is warranted when using online banking portals and apps.

Key takeaways:

1. A new malware campaign using JavaScript web injections targeted banking data of over 50,000 users across four continents. The campaign has been under preparation since at least December 2022.

2. The attack techniques include stealthy web injections via externally hosted scripts, using obfuscated script tags resembling legitimate content delivery networks to evade detection.

3. The malicious script is dynamic, constantly adjusting its behavior based on the command and control server’s instructions, allowing it to perform specific data exfiltration actions.

4. The campaign has loose connections to the banking trojan DanaBot and is still ongoing, requiring heightened vigilance when using online banking portals and apps.
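A defender-side check for the technique in item 2, as an added example that is not from the article or from IBM's report: it audits the script sources collected from a rendered banking page against an allowlist and flags hosts that closely resemble an allowed one. All hostnames and sample URLs are constructed, and the edit-distance threshold of 2 is an assumption.

```javascript
// Constructed allowlist of hosts this (hypothetical) banking page may load scripts from.
const ALLOWED_HOSTS = ["bank.example", "cdn.bank.example", "static.cdn-provider.example"];

// Levenshtein edit distance (single-row dynamic programming).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j]; // d[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Classify one script URL as "allowed", "lookalike", "unknown" or "unparseable".
function classifyScript(src, pageUrl, allowed = ALLOWED_HOSTS) {
  let host;
  try {
    host = new URL(src, pageUrl).hostname.toLowerCase(); // resolves relative paths too
  } catch {
    return { src, host: null, verdict: "unparseable", near: null };
  }
  if (allowed.includes(host)) return { src, host, verdict: "allowed", near: null };
  // A host within a couple of edits of an allowed one is the CDN-lookalike pattern.
  const near = allowed.find((h) => editDistance(host, h) <= 2) || null;
  return { src, host, verdict: near ? "lookalike" : "unknown", near };
}

// Return only the script sources that need review (everything not allowlisted).
function auditScripts(srcs, pageUrl, allowed = ALLOWED_HOSTS) {
  return srcs.map((s) => classifyScript(s, pageUrl, allowed))
             .filter((r) => r.verdict !== "allowed");
}

// Constructed sample. In a browser, collect with Array.from(document.scripts, s => s.src).
const SAMPLE_SRCS = [
  "/static/app.js",
  "https://static.cdn-provider.example/lib/jquery.min.js",
  "https://static.cdn-provlder.example/lib/jquery.min.js", // one character off
  "https://telemetry.other.example/t.js",
];

console.log(auditScripts(SAMPLE_SRCS, "https://bank.example/login"));
```

Because the injection happens in the infected user's browser, a check like this only sees it when run against the DOM on the client side, not against the page as served by the bank.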
