Gianthra 0 Posted September 28 Share Posted September 28 We've received a report of malware on our website by one of our customers tried to access it. The report is for JS/Spy.Banker.KJ on firefox from nexus.ensighten.com. Below is the screenshot we've been sent. We've looked into the issue and are unable to find the code that's the source of this, we also have tested using firefox and eset and were unable to reproduce. We'd really appreciate any help with the issue. Thanks Gia Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted September 28 Administrators Share Posted September 28 It's impossible to tell where the code is located. It can be in php, js or html files or in the CMS database. It can be store in an encrypted form while the browser shows an already decrypted code in the source code view. Maybe you'll find some hints here: https://forum.eset.com/topic/36848-jsspybankerkn/. Quote Link to comment Share on other sites More sharing options...
itman 1,630 Posted September 28 Share Posted September 28 Eset detection here is not the only issue. Domain is first blocked via uBlock Origin TPL detection. Quote Link to comment Share on other sites More sharing options...
Gianthra 0 Posted September 28 Author Share Posted September 28 Update: we have been told but it resides in this file: nexus.ensighten.com/jdplc/global/code/f3abd1a186e67e34c45e895ead223df9.js?conditionId0=422809 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.