Threat Intelligence

Modular trojan deployed via SQL injection attacks

Share
Cyber security concept. Toy horse on a digital screen, symbolizes the attack of the Trojan virus. 3D illustration.

Numerous websites worldwide have been subjected to SQL injection attacks by newly-discovered threat actor Boolka deploying the modular BMANAGER trojan since 2022, reports The Hacker News.

Intrusions involved the distribution of malicious JavaScript code that not only facilitates user input and interaction gathering and exfiltration but also redirects to a fake loading page luring targets to download the BMANAGER trojan downloader as a browser extension, according to a Group-IB analysis. Execution of BMANAGER then enables the delivery of four other payloads with data harvesting, running app recording, keystroke logging, and stolen data exporting capabilities, with the trojan also leveraging scheduled tasks for persistence, said researchers, who noted the increasing sophistication of Boolka's operations since its emerged two years ago. "The injection of malicious JavaScript snippets into vulnerable websites for data exfiltration, and then the use of the BeEF framework for malware delivery, reflects the step-by-step development of the attacker's competencies," added researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.