Gianthra 0 Posted September 28, 2023 Share Posted September 28, 2023 We've received a report of malware on our website by one of our customers tried to access it. The report is for JS/Spy.Banker.KJ on firefox from nexus.ensighten.com. Below is the screenshot we've been sent. We've looked into the issue and are unable to find the code that's the source of this, we also have tested using firefox and eset and were unable to reproduce. We'd really appreciate any help with the issue. Thanks Gia Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted September 28, 2023 Administrators Share Posted September 28, 2023 It's impossible to tell where the code is located. It can be in php, js or html files or in the CMS database. It can be store in an encrypted form while the browser shows an already decrypted code in the source code view. Maybe you'll find some hints here: https://forum.eset.com/topic/36848-jsspybankerkn/. Link to comment Share on other sites More sharing options...
itman 1,747 Posted September 28, 2023 Share Posted September 28, 2023 Eset detection here is not the only issue. Domain is first blocked via uBlock Origin TPL detection. Link to comment Share on other sites More sharing options...
Gianthra 0 Posted September 28, 2023 Author Share Posted September 28, 2023 Update: we have been told but it resides in this file: nexus.ensighten.com/jdplc/global/code/f3abd1a186e67e34c45e895ead223df9.js?conditionId0=422809 Link to comment Share on other sites More sharing options...
Recommended Posts