This new malware campaign stole the banking details of 50,000 people – and it’s still going after new victims, so be careful
A new malware campaign operating in the wild right now has so far captured sensitive banking data of more than 50,000 users in 40 banks around the world, experts have warned.
Cybersecurity researchers from IBM said the campaign deploys unusual tactics that make it stealthier than others, loading malicious scripts from their servers into the page structure that’s commonly found on many banks’ websites. That allows them to grab user login credentials and one-time passwords (OTP).
After obtaining the login information, the attackers proceed to siphon the funds and lock the legitimate users out of their accounts.
Active campaign
As IBM’s researchers explained, it all starts with a malware infection on the victim’s endpoint. After that, when the victim visits a malicious site, the malware will inject a new script tag which is then loaded into the browser and modifies the website’s content. That allows the attackers to grab the passwords and intercept multi-factor authentication codes and one-time passwords.
Usually, the researchers further explained, hackers will have the malware perform web injections directly on the web page. However, this method is stealthier as static analysis checks won’t flag the simpler loader script, allowing for dynamic content delivery. Besides, the script resembles legitimate JavaScript content delivery networks (CDN), which further adds to the campaign’s stealthiness.
The operators can also change the script’s behavior, by sending updates and instructions via a C2 server. It can inject prompts for phone numbers, OTP tokens, prompt error messages, or pretend to be “loading” pages.
While IBM wasn’t able to determine exactly who is behind this campaign, it says that it “loosely” resembles DanaBot, a modular banking trojan first spotted in 2018, and recently observed being distributed via malicious Google Search results.
IBM warns that the campaign is still active and advises caution when using online banking sites and apps.
Via BleepingComputer
More from TechRadar Pro
A new malware campaign operating in the wild right now has so far captured sensitive banking data of more than 50,000 users in 40 banks around the world, experts have warned. Cybersecurity researchers from IBM said the campaign deploys unusual tactics that make it stealthier than others, loading malicious scripts…
Recent Posts
- iOS 18 tipped to bring next-gen Siri and a time-saving AI notifications boost
- Slack is training its AI models on your chats — unless you opt out in a tricky way
- What is Project Astra? Google’s futuristic universal assistant explained
- The best soundbars to boost your TV audio in 2024
- Nifty eSIM provider offers free mobile data for life whenever you are but there’s a big catch — Firsty gives you 60 minutes of data anywhere in the world, but you will have to watch an advert if you want more
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011