Security News > 2023 > December > New Web injections campaign steals banking data from 50,000 people
A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan.
Once the victim visits the attackers' compromised or malicious sites, the malware injects a new script tag with a source attribute pointing to an externally hosted script.
This new approach makes the attacks more stealthy, as static analysis checks are unlikely to flag the simpler loader script as malicious while still permitting dynamic content delivery, allowing attackers to switch to new second-stage payloads if needed.
The researchers have found loose connections between this new campaign and DanaBot, a modular banking trojan that has been circulated in the wild since 2018 and was recently seen spreading via Google Search malvertising promoting fake Cisco Webex installers.
According to IBM, the campaign is still underway, so heightened vigilance is advised when using online banking portals and apps.
Ten new Android banking trojans targeted 985 bank apps in 2023.