Web injection attacks insert malicious code into web pages as the victim's browser renders them, in order to manipulate page content or redirect users to fraudulent sites.
Threat actors use this technique to:-
Steal login credentials
Steal financial data
Exploit vulnerabilities in web applications
Cybersecurity researchers at Security Intelligence recently identified that hackers hijacked the banking details of more than 50,000 users using web injection attacks.
Banking trojans have long relied on web injections, and in March 2023 IBM Security Trusteer identified a stealthy JavaScript campaign of this kind.
The campaign's link to DanaBot remains unconfirmed; however, since early 2023 it has affected more than 50,000 user sessions at over 40 banks across the following regions:-
North America
South America
Europe
Japan
Hackers Hijacked Banking Details
This campaign targets popular banking applications; the malicious domains were registered in December 2022 and have been active since early 2023.
The JavaScript payload targets specific page structures and injects content only when certain conditions are met.
Credentials are stolen through event listeners the script attaches to the login button. It targets common bank page layouts, since the threat actors aim to compromise and monetize user banking information.
The malware begins collecting data as soon as the script is fetched; the fetch request commonly carries the computer's name together with details such as a bot ID and configuration flags as query parameters.
This suggests that other malware components had already infected the operating system before the browser injection took place.
Initial obfuscated GET request fetching the script (Source – Security Intelligence)
The encoded script is returned as a single line with an added decoy string, so that in network traffic the response resembles a legitimate CDN asset and the malicious content is hidden.
The injection does not run if the string “adrum” appears in the page URL, and the script patches built-in functions to remove evidence of its presence from the page.
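As an added defensive example (not code from the article or from IBM Trusteer), the following client-side integrity monitor checks for the two tampering indicators described above: built-in functions that are no longer native (patched to hide evidence) and event listeners attached to the login button after the page loaded. The sample "window" and login button are constructed stand-ins because Node has no DOM.

```javascript
// Added example, not from the article: a client-side integrity monitor for the
// two indicators described (patched built-ins, late listeners on the login button).

// Capture the real toString before any injected script can replace it.
const nativeToString = Function.prototype.toString;

// A genuine built-in stringifies to "function name() { [native code] }".
// Caveat: bound functions also print "[native code]" (a known false negative);
// a Proxy whose toString throws is treated as tampered.
function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  try {
    return /\{\s*\[native code\]\s*\}\s*$/.test(nativeToString.call(fn));
  } catch (_) {
    return false;
  }
}

// Resolve dotted paths such as "document.querySelectorAll" on root and
// report every one that is missing or no longer native.
function findPatchedBuiltins(root, paths) {
  return paths.filter((path) => {
    const fn = path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), root);
    return !isNativeFunction(fn);
  });
}

// Wrap a target's addEventListener so every listener attached to it is
// recorded (event type plus the start of the handler source). Install on the
// login button before third-party scripts run, then review the log.
function auditListeners(target) {
  const log = [];
  const original = target.addEventListener;
  target.addEventListener = function (type, handler, options) {
    const source = typeof handler === 'function'
      ? nativeToString.call(handler).slice(0, 60) : '[object listener]';
    log.push({ type, source });
    return original.call(this, type, handler, options);
  };
  return log;
}

// Constructed sample "window": real natives plus one patched DOM function.
const sampleWindow = { JSON, Array, document: { querySelectorAll: function (sel) { return []; } } };
const patched = findPatchedBuiltins(sampleWindow,
  ['JSON.stringify', 'Array.prototype.push', 'document.querySelectorAll']);

// Constructed login button stand-in (Node has no DOM) with one late-added listener.
const loginButton = { addEventListener(type, handler) { this.last = handler; } };
const listenerLog = auditListeners(loginButton);
loginButton.addEventListener('click', function injectedHandler(e) { return e; });
```

In a real page the paths checked would be the DOM and network APIs the site itself depends on, and the listener log would be compared against the handlers the first-party code is known to register.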
The script communicates with the C2 server and adjusts its actions based on two key elements:-
Instructions received from the server
Log updates
The injection is resilient: it waits, retries steps and adapts based on server responses, and the device continuously identifies itself to the server so that execution can continue.
The script runs inside an anonymous function, starts from default configuration values and adjusts them dynamically at runtime. Its actions are asynchronous and triggered by server responses, which helps conceal the script.
Operational states dictate actions such as:-
Injecting prompts
Executing login attempts
Prompting for a phone number for two-factor authentication
(Source – Security Intelligence)
Recommendations
The security analysts offer the following recommendations:-
Practice vigilance
Report suspicious activity
Avoid unknown software
Follow password and email security best practices
Always stay vigilant
Implement robust security
Stay informed to counter emerging threats
The post Hackers Stole Banking Details From Over 50,000 Users Via Web Injections appeared first on GBHackers on Security.