ESET Insiders Trooper 68 Posted October 10, 2022 ESET Insiders Posted October 10, 2022 Is this a fp? Showed up on one of my endpoints today. Link-https://www.crazyforcostumes.com/Scripts/openExtra.asp?extra=1 JS/Spy.Banker.KF
Administrators Marcos 5,441 Posted October 10, 2022 Administrators Posted October 10, 2022 The domain doesn't resolve, probably it was taken down because of the infection. The detection is unlikely to be FP. Trooper 1
Solution itman 1,799 Posted October 10, 2022 Solution Posted October 10, 2022 2 hours ago, Marcos said: The domain doesn't resolve, probably it was taken down because of the infection. The detection is unlikely to be FP. The URL resolved fine on Firefox: Trooper 1
Administrators Marcos 5,441 Posted October 10, 2022 Administrators Posted October 10, 2022 Yes, now it works. Searching for "/mt.js" should help you locate the malicious JS, remove it. Trooper 1
itman 1,799 Posted October 10, 2022 Posted October 10, 2022 Quttera detected two malicious scripts referencing a blacklisted domain. Report here: https://quttera.com/detailed_report/www.crazyforcostumes.com Trooper 1
ESET Insiders Trooper 68 Posted October 12, 2022 Author ESET Insiders Posted October 12, 2022 Many thanks to you both for this.
Recommended Posts