The malware was first discovered by IBM's security team, whose researchers noted that the threat actors had been preparing for the campaign since December 2022, after buying the malicious domains.
The attacks used scripts that were loaded from the attacker’s server to intercept user credentials and one-time passwords (OTPs) by focusing on a particular page structure that is shared by numerous institutions.
With this information, the attackers can access the victim's bank account, lock them out by altering security settings, and carry out illicit transactions.
A Stealthy Attack Chain
The attack begins when the threat actors infect the victim's device with the malware. While IBM's report did not specify the details of this stage, it is most likely done through malvertising, phishing emails, or similar means.
Once the victim visits one of the targeted banking websites, the malicious software inserts a new script tag with a source ('src') attribute pointing to an externally hosted script.
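A page-side check that a site owner could deploy against exactly this behaviour, added here as an example (not code from IBM's report or the article): it flags any script element whose 'src' resolves to an origin the site does not own. The allowlisted origins and the sample script sources are constructed placeholders.

```javascript
// Added example (not from IBM's report or the article): detect <script>
// elements whose 'src' points to a host outside the site's own origins.
// The origins below are constructed placeholders; a real deployment would
// list the bank's own web and CDN origins.
const ALLOWED_SCRIPT_ORIGINS = new Set([
  "https://www.example-bank.test",     // constructed placeholder
  "https://static.example-bank.test",  // constructed placeholder
]);

// Classify one script source. Returns null when the source is acceptable,
// otherwise a short reason string. Inline scripts (no src) are left to CSP.
function classifyScriptSrc(src, pageOrigin, allowed = ALLOWED_SCRIPT_ORIGINS) {
  if (src === null || src === undefined || src === "") return null;
  let url;
  try {
    url = new URL(src, pageOrigin); // resolves relative srcs against the page
  } catch {
    return "unparseable-src";
  }
  if (url.protocol !== "https:") return "non-https-src";
  if (url.origin === pageOrigin || allowed.has(url.origin)) return null;
  return "unknown-origin:" + url.origin;
}

// Run the classifier over a batch of script sources (for example those
// collected from newly added DOM nodes) and return only the suspicious ones.
function findSuspiciousScripts(srcs, pageOrigin, allowed = ALLOWED_SCRIPT_ORIGINS) {
  const findings = [];
  for (const src of srcs) {
    const reason = classifyScriptSrc(src, pageOrigin, allowed);
    if (reason !== null) findings.push({ src, reason });
  }
  return findings;
}

// In a browser, watch for script tags inserted after page load and report
// them. Guarded so the same file also runs under Node for offline testing.
function watchForInjectedScripts(report) {
  if (typeof document === "undefined" || typeof MutationObserver === "undefined") return null;
  const observer = new MutationObserver((mutations) => {
    const srcs = [];
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (node.nodeName === "SCRIPT") srcs.push(node.getAttribute("src"));
      }
    }
    for (const f of findSuspiciousScripts(srcs, location.origin)) report(f);
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}
```

The observer only sees scripts added after it starts, so it complements, rather than replaces, a Content-Security-Policy that restricts `script-src` to the same origins.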
[…]