F5 SOC webinject Analysis

Recently several e-banking Trojans (Dyre, Cridex, and Tinba, for instance) have used script injection techniques to modify the original web page. The modification may enable the attacker to perform money transactions using victims’ credentials. This may be perpetrated by a Trojan injecting a malicious JavaScript code to the client’s browser, once the client is connected to the website. The injected code performs different functions, including attempting a money transfer from the client’s account, gaining control on mobile devices, and much more. To maintain the information sent by the Trojans, attackers have developed different types of command and control (C&C) systems that enable them to grab and manage the injected code and its functions these systems are usually PHP-based systems accompanied by a SQL database.

In his research, Elman Reyes, F5 SOC Analyst in the Anti-Fraud team reveal another webinject that was detected by WebSafe and blocked by F5 SOC within just couple of hours.

Please click here to download the full analysis report.

Published Dec 12, 2015
Version 1.0
No CommentsBe the first to comment