Richard Orabona 0 Posted March 20, 2023 Share Posted March 20, 2023 Hello, New to ESET. Our sales team was trying to log onto their customer's portal https://learningexpress.com/, and received the JS Spybanker error. I reviewed a few other similar threads and was able to search in the code for ParentNode and found the below. How can I know what script is causing this and if it's actually bad or not? (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-NNC89FK'); !function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n; n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window, document,'script','//connect.facebook.net/en_US/fbevents.js'); // Insert Your Custom Audience Pixel ID below. fbq('init', '1698256930387984'); fbq('track', 'PageView'); Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted March 20, 2023 Administrators Share Posted March 20, 2023 Searching for "r=> r.blob()" should help you locate the malicious JS. Link to comment Share on other sites More sharing options...
Recommended Posts