Jump to content

JS/Spy.Banker.KJ reported on site but unable to reproduce or find.


Gianthra

Recommended Posts

We've received a report of malware on our website by one of our customers tried to access it.
The report is for JS/Spy.Banker.KJ on firefox from nexus.ensighten.com.
Below is the screenshot we've been sent.

image.png.e5dc1162f061f588a5afeb4e97dba5c7.png

We've looked into the issue and are unable to find the code that's the source of this, we also have tested using firefox and eset and were unable to reproduce.
We'd really appreciate any help with the issue.
Thanks
Gia

Link to comment
Share on other sites

  • Administrators

It's impossible to tell where the code is located. It can be in php, js or html files or in the CMS database. It can be store in an encrypted form while the browser shows an already decrypted code in the source code view. Maybe you'll find some hints here: https://forum.eset.com/topic/36848-jsspybankerkn/.

Link to comment
Share on other sites

Update: we have been told but it resides in this file:
 

nexus.ensighten.com/jdplc/global/code/f3abd1a186e67e34c45e895ead223df9.js?conditionId0=422809

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...