More Complexity to Come

The profession of webinject crafting is being reflected in Trojan campaigns against banks. We can only guess whether the resemblance between the webinjects is a result of a cooperation or of both fraudsters buying webinjects from the same third party. Either way, a great deal of fraud business logic is now implemented in JavaScript and contained in the webinjects.

We expect the complexity of webinjects to increase, along with their roles in successfully committing malicious transactions. This trend is being closely monitored by our researchers. What remains to be seen is whether the “production” of these webinjects, which use shared rather than custom code, increases the risk that more organizations, and smaller organizations, may be attacked.

Sampled Tinba md5: a01412b41e1837754be907d6989472e5

Sampled Gozi md5: e4d8cc25266ae39a5e5e87c7048f15f3