- A new JavaScript malware has been discovered attempting to steal account credentials at more than 40 banks worldwide.
- The activity has used web injections to infect over 50,000 user sessions since March 2023.
Over 40 banks across Europe, North America, South America, and Japan have become victims of a major malware campaign that relied on JavaScript web injections, resulting in the theft of credentials from over 50,000 users. IBM’s security team first detected the campaign in March 2023.
According to security researchers, the malicious actors use web injections to circumvent the security of popular banking apps and, once the malware is installed, extract sensitive credentials so they can monetize the stolen data. The malicious scripts are loaded from jscdnpack[.]com, a server controlled by the threat actor.
Whenever targeted victims visit the bank website, login pages are altered to include the hidden malicious code that harvests data such as OTPs and credentials. Researchers suspect the malware is delivered to targets using mediums like malvertising and phishing emails.
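As an added example (not code from IBM's report or from this article), the JavaScript below shows one way a site owner could audit which hosts a rendered login page loads scripts from. The allowlist, the `bank.example` hostnames and the sample document are constructed assumptions; only the jscdnpack[.]com indicator comes from the article.

```javascript
// Added example: audit the <script> elements of a rendered login page.
// The allowlist and sample page are constructed; the one indicator is from the article.
const KNOWN_BAD = ["jscdnpack[.]com"].map((d) => d.replace(/\[\.\]/g, "."));

// True if host equals domain or is a subdomain of it (no bare suffix matches).
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// doc: anything exposing `scripts` (the browser's `document` works as-is).
// Returns one finding per external script that is neither first-party nor allowlisted.
function auditScripts(doc, pageUrl, allowedHosts) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  for (const el of Array.from(doc.scripts)) {
    const raw = el.src;
    if (!raw) continue; // inline script: there is no host to check
    let host;
    try {
      // Resolves relative and protocol-relative URLs against the page URL.
      host = new URL(raw, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src: raw, host: null, verdict: "unparseable" });
      continue;
    }
    if (KNOWN_BAD.some((d) => hostMatches(host, d))) {
      findings.push({ src: raw, host, verdict: "known-bad" });
    } else if (host !== pageHost && !allowedHosts.some((d) => hostMatches(host, d))) {
      findings.push({ src: raw, host, verdict: "unexpected" });
    }
  }
  return findings;
}

// Constructed sample standing in for `document` on a tampered login page.
const sampleDoc = {
  scripts: [
    { src: "/static/login.js" },
    { src: "https://cdn.bank.example/vendor.js" },
    { src: "//" + KNOWN_BAD[0] + "/constructed-path.js" },
    { src: "https://stats.unknown.example/t.js" },
    { src: "" },
  ],
};

function demo() {
  return auditScripts(sampleDoc, "https://online.bank.example/login", ["cdn.bank.example"]);
}
console.log(demo());
```

In a browser, pass `document` as `doc` and `location.href` as `pageUrl`.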
The script works…