Malware News New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

silversurfer · Dec 22, 2023

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.

The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

IBM Security Trusteer said it detected the campaign in March 2023.

"Threat actors' intention with the web injection module is likely to compromise popular banking applications and, once the malware is installed, intercept the users' credentials in order to then access and likely monetize their banking information," security researcher Tal Langus said.

nickstar1 · Dec 22, 2023

threat actors are so nice on the holidays.

nicolaasjan · Dec 22, 2023

From the linked blog;

Legitimate Malicious
jscdnpack[.]com cdnjs[.]com
unpack[.]com unpkg[.]com

Shouldn't that be :

Malicious Legitimate
jscdnpack[.]com cdnjs[.]com
unpack[.]com unpkg[.]com

Just block their servers in your hosts file:

0.0.0.0 jscdnpack.com
0.0.0.0 unpack.com

However, on the IP address of jscdnpack.com (155.138.200.91) there is also:
unpackg.com
Source: here.
Maybe they mean that one?

Search

Malware News New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

silversurfer

Level 85

nickstar1

Level 6

nicolaasjan

Level 3

Similar threads

Legitimate	Malicious
jscdnpack[.]com	cdnjs[.]com
unpack[.]com	unpkg[.]com