Something nasty injected login-stealing JavaScript into 50K online banking sessions
2023-12-20 23:45

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.

This injected code executes on the page in the browser and intercepts the victim's credentials as they are entered. The credentials can then be passed to fraudsters, who use them to drain accounts.

When the requested banking page "contains a certain keyword and a login button with a specific ID present, new malicious content is injected," Langus explained.

The injected content can include a prompt for the user's phone number or two-factor authentication token, which the miscreants can use with the intercepted username and password to access the victim's bank account and steal their cash.

The script can also inject an error message on the login page that says the banking services are unavailable for 12 hours.
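
A defender-side sketch of how a banking page could flag the two kinds of injected content described above (an extra prompt field and an outage notice). This is an added example, not code from IBM's analysis or the original article; the field names, element ids and sample records are constructed, and in a browser the records would come from a `MutationObserver` rather than plain objects.

```javascript
// Baseline for the bank's own login form (constructed values, assumptions).
const BASELINE = {
  inputs: new Set(["username", "password"]),       // fields the real form contains
  allowedDynamicIds: new Set(["login-spinner"]),   // nodes the bank's own code adds
};

// Classify one node that appeared after page load. Returns null when expected.
function classifyAddedNode(node, baseline) {
  const tag = (node.tag || "").toLowerCase();
  if (tag === "input" || tag === "select" || tag === "textarea") {
    const name = node.name || "(unnamed)";
    return baseline.inputs.has(name)
      ? null
      : { severity: "high", reason: `unexpected form field "${name}"` };
  }
  if (node.id && baseline.allowedDynamicIds.has(node.id)) return null;
  if (node.text && node.text.trim()) {
    return { severity: "medium", reason: "unexpected visible text added to login page" };
  }
  return null;
}

// Walk every added node and its descendants: an injected prompt is usually a
// wrapper element with the label and input nested inside it.
function auditMutations(records, baseline = BASELINE) {
  const findings = [];
  for (const rec of records) {
    const stack = [...rec.addedNodes];
    while (stack.length) {
      const n = stack.pop();
      const f = classifyAddedNode(n, baseline);
      if (f) findings.push({ ...f, tag: n.tag, id: n.id || null });
      stack.push(...(n.children || []));
    }
  }
  return findings;
}

// Constructed sample: one legitimate spinner, one injected token prompt,
// one injected "service unavailable" notice.
const SAMPLE_RECORDS = [
  { addedNodes: [{ tag: "div", id: "login-spinner", text: "" }] },
  { addedNodes: [{ tag: "div", children: [
      { tag: "label", text: "Enter the code sent to your phone" },
      { tag: "input", name: "otp_token" }] }] },
  { addedNodes: [{ tag: "p", text: "Online banking is unavailable for 12 hours." }] },
];
console.log(auditMutations(SAMPLE_RECORDS));
```

Injected code running in the same page can tamper with a check like this, so its findings are most useful when reported to the server and correlated there.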

He also urged banking customers to "practice vigilance" with their banking apps.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/20/credentialstealing_malware_infects_50k_banking/