Trooper (ESET Insiders), posted October 10, 2022

Is this a fp? Showed up on one of my endpoints today.

Link: https://www.crazyforcostumes.com/Scripts/openExtra.asp?extra=1
JS/Spy.Banker.KF

Marcos (Administrators), posted October 10, 2022

The domain doesn't resolve, probably it was taken down because of the infection. The detection is unlikely to be FP.

itman, posted October 10, 2022 (marked as solution)

2 hours ago, Marcos said:
> The domain doesn't resolve, probably it was taken down because of the infection. The detection is unlikely to be FP.

The URL resolved fine on Firefox:

Marcos (Administrators), posted October 10, 2022

Yes, now it works. Searching for "/mt.js" should help you locate the malicious JS, remove it.

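A sketch of the search described in the post above, added here as an example and not code from the thread or from ESET: it walks a local copy of the site's files and lists every line containing "/mt.js", with the script source where one can be parsed. The function names, the file extensions and the sample site (including the host cdn.example.invalid) are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Marker named in the thread; the extension list is an assumption about the site.
MARKER = "/mt.js"
TEXT_EXTS = {".asp", ".aspx", ".inc", ".htm", ".html", ".js", ".php"}
# Captures the src value of a <script> tag so the referenced host can be reviewed.
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)


def find_marker(webroot, marker=MARKER):
    """Return (relative path, line number, script src or None) for each line containing marker."""
    hits = []
    root = Path(webroot)
    needle = marker.lower()
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_EXTS:
            continue
        # Legacy site files come in mixed encodings, so never fail on decode.
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            if needle not in line.lower():
                continue
            srcs = [s for s in SCRIPT_SRC.findall(line) if needle in s.lower()]
            for src in srcs or [None]:  # None: marker present but not in a plain script tag
                hits.append((path.relative_to(root).as_posix(), lineno, src))
    return hits


def build_sample(root):
    """Constructed sample site: one clean page and two files that reference the marker."""
    root = Path(root)
    (root / "Scripts").mkdir()
    (root / "index.html").write_text("<html>\n<script src='/js/site.js'></script>\n</html>\n")
    (root / "Scripts" / "promo.asp").write_text(
        "<html>\n<body>ok</body>\n<script src=\"https://cdn.example.invalid/mt.js\"></script>\n")
    (root / "Scripts" / "cart.js").write_text(
        "var a=1;\ndocument.write('<scr'+'ipt src=//cdn.example.invalid/MT.js></scr'+'ipt>');\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno, src in find_marker(build_sample(tmp)):
            print(f"{rel}:{lineno}: {src or '(marker outside a plain script tag)'}")
```

Each hit is a line to review by hand and compare against a known-good backup before removing anything.
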
itman, posted October 10, 2022

Quttera detected two malicious scripts referencing a blacklisted domain. Report here: https://quttera.com/detailed_report/www.crazyforcostumes.com

Trooper (ESET Insiders, thread author), posted October 12, 2022

Many thanks to you both for this.