Javascript Malware Hits Banks Worldwide

A new Javascript malware is using web injections to steal account credentials from over 40 banks worldwide, affecting more than 50,000 users. The malicious scripts are loaded from a threat actor-controlled server, frequently querying the server and the page structure while also deceiving users with false error messages. The malware campaign was first detected by IBM’s security team in March 2023.