sanqueue@lemmy.world to Technology@lemmy.worldEnglish · 10 months agoThis JavaScript code hit 50K online banking sessions in 2023www.theregister.comexternal-linkmessage-square3fedilinkarrow-up156arrow-down13
arrow-up153arrow-down1external-linkThis JavaScript code hit 50K online banking sessions in 2023www.theregister.comsanqueue@lemmy.world to Technology@lemmy.worldEnglish · 10 months agomessage-square3fedilink
minus-square_edge@discuss.tchncs.delinkfedilinkEnglisharrow-up32arrow-down2·10 months agoShort version: Malware got onto Windows PC. From the compromised machine, spying on credentials is trivial. That’s it. All the analysis about how they inject some code into some browser and communicate with their server is a smoke screen. Our most favourite OS is blatantly insecure.
minus-squareBearOfaTime@lemm.eelinkfedilinkEnglisharrow-up2·10 months agoMac browser too apparently. It’s really hard to defend against the human angle. I’ve seen senior management wire $1mil+ to a scammer by emailing the wire info, including PIN. 🤦♂️
Short version:
That’s it. All the analysis about how they inject some code into some browser and communicate with their server is a smoke screen.
Our most favourite OS is blatantly insecure.
Mac browser too apparently.
It’s really hard to defend against the human angle. I’ve seen senior management wire $1mil+ to a scammer by emailing the wire info, including PIN. 🤦♂️