CyberNews Briefs

ATMZOW JS Sniffer Campaign Linked to Hancitor Malware

Security researchers at Group-IB have linked the ATMZOW JS sniffer campaign to the Hancitor malware downloader, suggesting that the same threat actors may be behind both. The link was made earlier this week after an analysis of 483 websites across four continents that ATMZOW has infected since 2019. Group-IB specialists examined recent activity and found ties to a phishing campaign targeting clients of a US-based bank: according to the researchers, both campaigns used the same JavaScript obfuscation technique.

Group-IB first spotted the technique on a phishing website. The obfuscator is probably not unique to ATMZOW, however, and other attackers could be using it, so a shared obfuscator on its own is weak evidence of common authorship. Further analysis turned up additional evidence that the JS sniffer attacks and the phishing campaign were the work of the same group: in several cases, phishing pages targeting clients of the same bank were used as the final redirect after the malicious payload was downloaded. Group-IB has published a list of indicators of compromise for the attacks, along with a list of phishing websites that use the obfuscator.

Read More: ATMZOW JS Sniffer Campaign Linked to Hancitor Malware

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.