December 21, 2023 at 07:51AM
A new JavaScript malware targets over 40 financial institutions worldwide, compromising users’ banking credentials via web injections. The campaign, detected by IBM Security Trusteer, uses dynamic tactics to bypass security measures and dissuade victims from logging in. Additionally, other online fraud schemes, including investment scams and phishing attacks impersonating postal services, are on the rise.
Based on the meeting notes, the key takeaways are:
1. A JavaScript malware campaign has targeted 40+ financial institutions worldwide, leading to at least 50,000 infected user sessions.
2. The malware uses web injections to compromise banking applications and intercept user credentials, with the potential to monetize banking information.
3. The malware employs obfuscated scripts to harvest credentials and OTPs, dynamically adapting its behavior based on server responses.
4. Sophisticated threat actors have orchestrated a pig butchering and cryptocurrency scam, resulting in nearly $2.9 million in cryptocurrency losses.
5. Investment fraud, particularly in combination with other fraud schemes like romance scams, remains a significant online threat according to Europol.
6. There has been a significant increase in phishing websites impersonating postal operators and delivery companies, affecting users in 53 countries.
Let me know if you need further details or summaries of any specific points from the meeting notes.