Malware News New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.

The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

IBM Security Trusteer said it detected the campaign in March 2023.

"Threat actors' intention with the web injection module is likely to compromise popular banking applications and, once the malware is installed, intercept the users' credentials in order to then access and likely monetize their banking information," security researcher Tal Langus said.
 

nicolaasjan

Level 4
May 29, 2023
161
From the linked blog;
LegitimateMalicious
jscdnpack[.]comcdnjs[.]com
unpack[.]comunpkg[.]com
Shouldn't that be :
MaliciousLegitimate
jscdnpack[.]comcdnjs[.]com
unpack[.]comunpkg[.]com
Just block their servers in your hosts file:
0.0.0.0 jscdnpack.com 0.0.0.0 unpack.com

However, on the IP address of jscdnpack.com (155.138.200.91) there is also:
unpackg.com
Source: here.
Maybe they mean that one? :unsure:
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top