OBJECTIVE: Collect information from victims visiting a legitimate website

An injector, targeting online banking or other payment platforms, is an overlay placed on a legitimate site that looks like the original page. Its objective is to collect all kinds of information from victims who are trying to visit the legitimate site. Very popular and widely available on the Dark Web, bank injections (banking injects) are usually used with banking Trojans to inject JavaScript or HTML code into the page before it is redirected to the legitimate bank website.

This type of attack is commonly called “Man in the Browser”. Any banking Trojan can modify the content of a legitimate banking page in real time by performing API hooking.

API hooking, in short, allows the malware to intercept API calls, modify their behavior and flow, and perform additional actions at specific points (somewhat like a batch script run at those points).

The injected content that is added to the page is defined in a web configuration file.

This file is generally hosted on a remote Command and Control (CnC) server and then downloaded to the infected machine. Because it is encrypted and hidden to escape detection, it can evolve quickly, and compromised devices automatically receive the configuration updates.

Some web injections built into Trojans even allow the attacker to take full control of the compromised machine. In addition, some web injections can easily bypass two-factor authentication.
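The added example below, written for this page and not taken from any vendor or from the original text, shows the defender's side of the injection described above: a client-side check that a bank's login page could run to flag input fields and script sources the legitimate page does not contain. The expected field names, the allowed host bank.example and the sample HTML are assumptions constructed for the demonstration.

```javascript
// Added example (not the page's or any vendor's code): an integrity check a login
// page could run to spot fields or scripts a Man-in-the-Browser web inject has added.
// Expected fields, allowed host and sample HTML are constructed assumptions.

const EXPECTED_FIELDS = new Set(['username', 'password']);
const ALLOWED_SCRIPT_HOSTS = new Set(['bank.example']); // hypothetical bank origin

// Parse the attributes of one HTML tag into a lowercase-keyed object.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z_:][-\w:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Report input fields not in the expected set and scripts loaded from foreign hosts.
function auditLoginPage(html) {
  const findings = [];
  for (const m of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttrs(m[0]);
    const type = (a.type || 'text').toLowerCase();
    if (['submit', 'button', 'reset', 'image'].includes(type)) continue; // no data entry
    const name = (a.name || a.id || '').toLowerCase();
    if (!EXPECTED_FIELDS.has(name)) findings.push({ kind: 'unexpected_field', name, type });
  }
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const a = parseAttrs(m[1]);
    if (!a.src) continue; // inline scripts would be compared by hash in production
    let host;
    try { host = new URL(a.src, 'https://bank.example/').host; } catch { host = a.src; }
    if (!ALLOWED_SCRIPT_HOSTS.has(host)) findings.push({ kind: 'foreign_script', host });
  }
  return findings;
}

// Constructed sample: a legitimate form plus an injected PIN field and a foreign script.
const SAMPLE_HTML = `
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="password" name="atm_pin" placeholder="Confirm your card PIN">
  <input type="submit" value="Log in">
</form>
<script src="/static/app.js"></script>
<script src="//cdn-static.example.net/gate.js"></script>`;

console.log(auditLoginPage(SAMPLE_HTML));
```

In a browser the same logic would read the live DOM instead of an HTML string, and the findings would be reported to the bank's back end rather than logged.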

The developers of bank injectors sell on dark marketplaces both ready-to-go injection tools and injects written for specific targets.

How to protect?

  • Enforce software and application updates, mainly for operating systems and antivirus software.

  • Deploy and configure antivirus solutions, schedule signature updates and scans, and check the antivirus status of all devices.

  • Turn on multi-factor authentication (MFA).

  • Verify that HTTPS connections are used on the Internet and that certificates are valid.

  • Educate your users about phishing.

  • Enforce a strict web filtering policy at the perimeter to block malicious websites.

  • Allow downloading applications and files only from reliable sources.

  • Use a password manager to prevent keyloggers from reading manually typed or cached credentials.

VEEZO analyses and understands all IT communications in order to apply the appropriate action instantly to any detected incident and mitigate cyberattacks.

VEEZO is a complementary service to any traditional security tool, offering:

• Network activity analyzed in real time to detect any suspicious or malicious communication.

• Malicious behaviors immediately intercepted.

• Appropriate actions taken to mitigate the attacks, notify the managers and deliver comprehensive incident reports.
