Jump to content

JS/Spy.Banker.KN


Recommended Posts

Hi,

We have had this issue on our website for a week now.

 

image.png.41160d299ed723dd6147b064743b0ac0.png

We had some web developers find and remove some javascript which looked like it was the issue but we are still getting the checkout pages blocked.

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
30/06/2023 8:01:32 am;HTTP filter;file;https://knightgroup.co.nz/checkout/cart;JS/Spy.Banker.KN trojan;connection terminated;DESKTOP-35G460M\Rob;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (652FBB385E69B25D40A17DF64CDC8520C3F9AABA).;0B7A033FBC33BC1763DF8489725C0331DCB0F9FD;
 

Can't find any relevant info about this.

Does anyone have a sample piece of the javascript that we should be looking for?

 

Thanks, Rob

Link to comment
Share on other sites

  • Administrators

The script is likely obfuscated and can be located either in files or CMS database so it's impossible to tell where and what you should search for. Please look up other topics concerning JS/Spy.Banker here in the forum, e.g. https://forum.eset.com/topic/36831-jsspybankerkn.

Link to comment
Share on other sites

Hi,

Have found it.

image.thumb.png.ce9a4f0841a99b75084003749276d074.png

 

Its located in the core_config_data table. This is a Magento 2.2.11 site.

Regards, Rob

Edited by Slowboy
Link to comment
Share on other sites

5 hours ago, William Patrick said:

I got the same issue; may I know the keyword you did search on core_config_data table? how to locate the script? thanks in advance

Did you refer to this: https://sucuri.net/guides/how-to-clean-hacked-magento/ as I posted in the thread you created?

Also Sucuri can be engaged to clean your web site.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...