More Than 40 Banks Worldwide Hit by Malware Campaign
IBM’s security team first detected the malware campaign in March 2023.
- A new JavaScript malware has been discovered attempting to steal account credentials at more than 40 banks worldwide.
- The activity has used web injections to infect over 50,000 user sessions since March 2023.
Over 40 banks across Europe, North America, South America, and Japan have become victims of a major malware campaign that relied on JavaScript web injections, resulting in the theft of credentials from over 50,000 users. IBM’s security team first detected the campaign in March 2023.
According to security researchers, after the malware is installed, malicious actors use web injections to circumvent the security of popular banking apps and extract sensitive credentials, then monetize the stolen data. The malicious scripts are loaded from jscdnpack[.]com, a server controlled by the threat actor.
Whenever targeted victims visit the bank website, login pages are altered to include the hidden malicious code that harvests data such as OTPs and credentials. Researchers suspect the malware is delivered to targets using mediums like malvertising and phishing emails.
The script works by constantly querying the command and control server and the page structure; it dynamically adjusts itself based on the information it extracts and can easily be modified for various bank websites.
The malware can be erased from the threat actor’s server. It can also give out false error messages that fool users into thinking that the banking services may be offline for a limited period, providing an opportunity to exploit user accounts without their knowledge.
IBM has been tracking widespread activity from the campaign, including man-in-the-browser attacks. The campaign has the potential to be a major threat to financial institutions. Security recommendations include following password and email security hygiene best practices.
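A defender-side check for the injected scripts described above, as an added example that is not from IBM's report or this article: it triages Content-Security-Policy violation reports from a bank's login page and flags script sources outside an allowlist. It assumes the site already sends a CSP with reporting enabled; `bank.example`, the allowlist, the `/login` path and the sample reports are constructed, and only the defanged domain comes from the article.

```javascript
// Added example. Every host and report below is constructed, except the
// defanged IoC, which is quoted from the article.
const ALLOWED_SCRIPT_HOSTS = new Set(["bank.example", "static.bank.example"]); // assumption
const WATCHLIST = ["jscdnpack[.]com"];
const refang = (s) => s.replace(/\[\.\]/g, ".").toLowerCase();

// Accept the legacy {"csp-report": {...}} body and the Reporting API shape.
function normalize(report) {
  const l = report["csp-report"], b = report.type === "csp-violation" && report.body;
  if (l) return { page: l["document-uri"], blocked: l["blocked-uri"],
                  directive: l["effective-directive"] || l["violated-directive"] || "" };
  if (b) return { page: b.documentURL, blocked: b.blockedURL, directive: b.effectiveDirective || "" };
  return null;
}

// blocked-uri can be a keyword such as "inline" or "eval" instead of a URL.
function hostOf(uri) {
  try { return new URL(uri).hostname.toLowerCase(); } catch { return null; }
}

// One finding per unexpected script source reported from a login page.
function triage(reports, loginPathPrefix = "/login") {
  const watch = WATCHLIST.map(refang);
  const counts = new Map();
  for (const raw of reports) {
    const r = normalize(raw);
    if (!r || !r.directive.startsWith("script-src")) continue; // scripts only
    let path;
    try { path = new URL(r.page).pathname; } catch { continue; }
    if (!path.startsWith(loginPathPrefix)) continue;
    const source = hostOf(r.blocked) || `(${r.blocked || "unknown"})`;
    if (ALLOWED_SCRIPT_HOSTS.has(source)) continue;
    counts.set(source, (counts.get(source) || 0) + 1);
  }
  return [...counts].map(([source, count]) => ({
    source, count,
    watchlisted: watch.some((w) => source === w || source.endsWith("." + w)),
  })).sort((a, b) => b.watchlisted - a.watchlisted || b.count - a.count);
}

const ioc = `https://${refang(WATCHLIST[0])}/constructed.js`; // constructed path
const SAMPLE_REPORTS = [ // constructed
  { "csp-report": { "document-uri": "https://bank.example/login", "blocked-uri": ioc, "violated-directive": "script-src 'self'" } },
  { type: "csp-violation", body: { documentURL: "https://bank.example/login?next=/", blockedURL: ioc, effectiveDirective: "script-src-elem" } },
  { "csp-report": { "document-uri": "https://bank.example/login", "blocked-uri": "inline", "effective-directive": "script-src-elem" } },
  { "csp-report": { "document-uri": "https://bank.example/login", "blocked-uri": "https://fonts.example/a.woff", "effective-directive": "font-src" } },
  { "csp-report": { "document-uri": "https://bank.example/about", "blocked-uri": "https://ads.example/x.js", "effective-directive": "script-src-elem" } },
];
console.log(triage(SAMPLE_REPORTS));
```

Reports arrive only from browsers that still apply the site's policy, so an empty result is not evidence that no injection occurred.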