Jump to content

JS/Spy.Banker.KJ reported on site but unable to reproduce or find.

Recommended Posts

We've received a report of malware on our website by one of our customers tried to access it.
The report is for JS/Spy.Banker.KJ on firefox from nexus.ensighten.com.
Below is the screenshot we've been sent.


We've looked into the issue and are unable to find the code that's the source of this, we also have tested using firefox and eset and were unable to reproduce.
We'd really appreciate any help with the issue.

Link to comment
Share on other sites

  • Administrators

It's impossible to tell where the code is located. It can be in php, js or html files or in the CMS database. It can be store in an encrypted form while the browser shows an already decrypted code in the source code view. Maybe you'll find some hints here: https://forum.eset.com/topic/36848-jsspybankerkn/.

Link to comment
Share on other sites

Update: we have been told but it resides in this file:



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...