Windows malware DanaBot – JavaScript into 50K online banking sessions According to The Register, seems IBM Security has dissected some JavaScript code that was injected into people’s online banking pages to steal their login credentials, saying 50,000 user sessions with...

[UK Sentinel]

According to The Register, seems IBM Security has dissected some JavaScript code that was injected into people’s online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.

Judging by the evidence to hand, it appears the Windows malware DanaBot, or something related or connected to it, infects victims’ PCs – typically from spam emails and other means – and then waits for the user to visit their bank website. At that point, the malware kicks in and injects JavaScript into the login page. This injected code executes on the page in the browser, and intercepts the victim’s credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts.

 

Read more;

https://www.theregister.com/2023/12/20/credentialstealing_malware_infects_50k_banking/

 

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[kev2021]

wow, getting more advanced it seems. very seldom login to bank websites these days, mainly use the apps on mobile.

Kev

You need to login in order to vote

[UK Sentinel]

And they say online banking is safe ….

There’s always a way in and just a case or Risk vs Benefit (convenience)

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Author]

Posts