1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This new malware campaign stole the banking details of 50,000 peo

    From TechnologyDaily@1337:1/100 to All on Wed Dec 20 16:30:05 2023
    This new malware campaign stole the banking details of 50,000 people - and it's still going after new victims, so be careful

    Date:
    Wed, 20 Dec 2023 16:17:35 +0000

    Description:
    The campaign is still active, so be careful, IBM's researchers are warning.

    FULL STORY ======================================================================

    A new malware campaign operating in the wild right now has so far captured sensitive banking data of more than 50,000 users in 40 banks around the
    world, experts have warned.

    Cybersecurity researchers from IBM said the campaign deploys unusual tactics that make it stealthier than others, loading malicious scripts from their servers into the page structure thats commonly found on many banks websites. That allows them to grab user login credentials and one-time passwords (OTP).

    After obtaining the login information, the attackers proceed to siphon the funds and lock the legitimate users out of their accounts. Active campaign

    As IBMs researchers explained, it all starts with a malware infection on the victims endpoint. After that, when the victim visits a malicious site, the malware will inject a new script tag which is then loaded into the browser
    and modifies the websites content. That allows the attackers to grab the passwords and intercept multi-factor authentication codes and one-time passwords.

    Usually, the researchers further explained, hackers will have the malware perform web injections directly on the web page. However, this method is stealthier as static analysis checks won't flag the simpler loader script, allowing for dynamic content delivery. Besides, the script resembles legitimate JavaScript content delivery networks (CDN), which further adds to the campaigns stealthiness.

    The operators can also change the scripts behavior, by sending updates and instructions via a C2 server. It can inject prompts for phone numbers, OTP tokens, prompt error messages, or pretend to be loading pages.

    While IBM wasnt able to determine exactly who is behind this campaign, it
    says that it loosely resembles DanaBot, a modular banking trojan first
    spotted in 2018, and recently observed being distributed via malicious Google Search results.

    IBM warns that the campaign is still active and advises caution when using online banking sites and apps.

    Via BleepingComputer More from TechRadar Pro These fake Android antivirus apps install a dangerous banking trojan Here's a list of the best firewalls today These are the best endpoint protection services right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-new-malware-campaign-stole-the-ban king-details-of-50000-people-and-its-still-going-after-new-victims-so-be-caref ul


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)