A sophisticated JavaScript malware campaign, detected by IBM Security Trusteer in March 2023, has targeted over 40 financial institutions worldwide, compromising at least 50,000 user sessions across North America, South America, Europe, and Japan. The malware uses JavaScript web injections and primarily aims to steal online banking account credentials. The attackers load scripts from a server they control, “jscdnpack[.]com,” and these scripts manipulate the login pages of banking websites. This manipulation enables the harvesting of credentials and one-time passwords (OTPs), and the scripts are heavily obfuscated to conceal their malicious nature. The malware’s dynamic script continuously interacts with the command-and-control server, adjusting its actions based on the current page structure and server responses. One notable tactic is to introduce fraudulent UI elements and error messages that dissuade victims from logging into their accounts, creating an opportunity for the attackers to seize control and perform unauthorized actions.

Relevant URL: https://thehackernews.com/2023/12/new-javascript-malware-targeted-50000.html