Web injections, a favoured technique employed by various banking Trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cybercriminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information.
In a new finding, it has been revealed that the malware campaign that first came to light in March 2023 has used JavScript web injections in an attempt to steal data from over 50 banks, belonging to around 50,000 used in North America, South America, Europe, and Japan.
IBM Security has dissected some JavaScript code that was injected into people’s online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.
As IBM’s researchers explained, it all starts with a malware infection on the victim’s endpoint.
After that, when the victim visits a malicious site, the malware will inject a new script tag which is then loaded into the browser and modifies the website’s content. That allows the attackers to grab passwords and intercept multi-factor authentication codes and one-time passwords.
IBM says this extra step is unusual, as most malware performs web injections directly on the web page. This new approach makes the at
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: