New Web Injections Campaign Steals Banking Data From 50,000 People

A new malware campaign, identified in March 2023, used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan. The attack used scripts loaded from the attackers' server, targeting a specific page structure common across many banks to intercept user credentials and one-time passwords. Using the user's credentials, the attackers can log in to the victim's bank account, lock the victim out by changing security settings, and then perform unauthorized transactions.

 

  • The attack begins with the initial malware infection of the victim's device.
  • Once the victim visits the attackers' compromised or malicious sites, the malware injects a new script tag whose src attribute points to an externally hosted script.

 

The malicious script is loaded in the victim's browser to modify webpage content, capture login credentials, and intercept one-time passcodes.
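
A page-side check for the behaviour described above, as an added example that is not from the original report: it flags script elements added to a page (or whose src is rewritten) when the src resolves to an origin outside an allow-list. The `bank.example` origins and the `report` callback are constructed placeholders.

```javascript
// Added example. The origins below are constructed placeholders, not from the report.
const ALLOWED_SCRIPT_ORIGINS = new Set([
  'https://bank.example',
  'https://static.bank.example',
]);

// Resolve a script's src against the page URL and return its origin (null if unparsable).
function scriptOrigin(src, pageUrl) {
  try {
    return new URL(src, pageUrl).origin;
  } catch (e) {
    return null;
  }
}

// Classify one script element by its src attribute value.
function classifyScript(src, pageUrl, allowed = ALLOWED_SCRIPT_ORIGINS) {
  if (src === null || src === undefined || src === '') return 'inline';
  const origin = scriptOrigin(src, pageUrl);
  if (origin === null) return 'unparsable';
  return allowed.has(origin) ? 'allowed' : 'unexpected';
}

// Collect <script> elements from an added node and its descendants.
function scriptsIn(node) {
  if (node.nodeType !== 1) return []; // element nodes only
  const found = node.nodeName === 'SCRIPT' ? [node] : [];
  return found.concat(Array.from(node.querySelectorAll('script')));
}

// Browser-only: report injected or re-pointed scripts; `report` is a hypothetical callback.
function watchForInjectedScripts(report, pageUrl = location.href) {
  const check = (el) => {
    const src = el.getAttribute('src');
    if (classifyScript(src, pageUrl) === 'unexpected') {
      report({ src, origin: scriptOrigin(src, pageUrl), seenAt: Date.now() });
    }
  };
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      if (m.type === 'attributes' && m.target.nodeName === 'SCRIPT') check(m.target);
      for (const node of m.addedNodes) scriptsIn(node).forEach(check);
    }
  });
  observer.observe(document.documentElement, {
    childList: true, subtree: true, attributes: true, attributeFilter: ['src'],
  });
  return observer;
}
```

Because this monitor runs in the same page as any injected script, its reports are a detection signal to correlate server-side rather than a control that prevents the injection.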