Search This Blog

Showing posts with label Infected websites. Show all posts

Indian users third most affected by Formjacking attacks, after the US and Australia


Followed by the US and Australia, Indian users were the most exposed to Formjacking attacks, according to a new survey by cybersecurity firm, Symantec, which has blocked over 2.3 million formjacking attacks globally in the second quarter of 2019.

In 2018, American users faced 33% of the total formjacking attacks; however, during the first half of the year 2019, they became the most exposed to these attacks with more than 50% of all the global detections. On the other hand, India with 5.7% of all the global attacks ranks third, as per the Symantec report.

Formjacking, a new dangerous threat in the cyber world, operates by infecting websites via malicious codes; mainly, these are the websites that involve filling out job applications, government forms, and credit card details. Symantec carried out a comprehensive analysis of formjacking attacks in its Internet Security Threat Report (ISTR) which calls attention to the ways users and websites have been affected by this critical cyber threat in 2018-19.

“We expect this formjacking trend to continue and expand further to steal all kinds of data from web forms, not just payment card data. This also means that we are likely to see more software supply chain attacks. Unfortunately, formjacking is showing no signs of disappearing any time soon. Therefore, operators of online stores need to be aware of the risk and protect their online presence,” reads the report.

How ‘Formjacking’ Works? 

In order to inject malicious JavaScript code on the website, attackers and cybercriminals modify one of the JavaScript files which get loaded along with the website. Then, the malicious JavaScript code makes alterations in the behavior of the selected web process on the infected website which, as a result, allows hackers to unlawfully acquire credit card data and other sensitive information.

According to the findings of Symantec, the websites which are affected by Formjacking attacks stay under its influence for 46 days. A number of websites have fallen prey to formjacking, with publically reported attacks on the websites of major companies like British Airways, Ticketmaster, Feedify, and Newegg.

Warning the consumers around the globe, Candid Wueest, Principal Threat Researcher at Symantec, said, “Each month we discover thousands of formjacking infected websites, which generate millions of dollars for the cybercriminals," warned Candid Wueest, Principal Threat Researcher at Symantec.

"Consumers often don't notice that they have become a victim to a formjacking attack as it can happen on a trusted online store with the HTTPS padlock intact. Therefore, it is important to have a comprehensive security solution that can protect you against formjacking attacks," He added.

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users



Researchers at Google Project Zero discovered an attack against iOS users which is present in the form of a malware hidden in hacked websites.

The malware stealthily installs itself for the users surfing any of the hacked websites, which have a readership base of thousands.

Once the malware is installed, it makes the iPhone act as a clandestine spying device which traces the contacts, location and messages, allowing hackers to get an overview of the victim's life and habits.

The malware extends the collection of data up to the popular third party apps such as Gmail, Whatsapp and Google Maps; it is configured to steal files and upload live location data of the owner.

The hub of white hat hackers, Google's Project Zero Division, which excelled in discovering multiple bugs and vulnerabilities, said that these attacks are based in a series of hacked sites, that were said to be randomly disseminating malware to iOS users.

The particular series of attack stands out as most of the attacks are more targeted in scope, however these attacks affected people who happened to surf one of the hacked websites.

Explaining  the issue, Ian Beer from Project Zero, says, "Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Taiwan Government sites infected and used in Wire Transfer spam mails



Be careful while visiting Taiwan Government websites , it may redirect you to BlackHole Exploit kit page.  We have discovered three infected Taiwan government websites. Initially , the infection identified by @Hulk_Crusader.

"h00p://www.tai**i.gov.tw/page-3.htm <- another Taiwan .gov site distributing malware. (Copies of Policies spam)" The tweet posted by the researcher reads. At EHN, i have discovered another infected government website.

The infected sites has the same URL pattern ('page-3.htm') and contains an iframe pointing to BlackHole Exploit page "podaruno**.ru".

malicious script

After quick Google search, i come to know that the infected websites are being used in a Wire Transfer Spam mail.

Good afternoon,

Your Wire Transfer Amount: USD 92,710.37
Transaction Report: View [Link_to_infected_page]
TEMIKA Heller,
The Federal Reserve Wire Network

The list of infected websites: