Boolka Threat Actor Using Formstealing JavaScript To Capture Sensitive Data
Researchers have identified a landing page designed to distribute the BManager modular trojan created by a threat actor known as Boolka. Over the past three years Boolka has been infecting vulnerable websites with malicious JavaScript that intercept data entered on these websites. When a user visits an infected site the script is downloaded and executed performing two main actions notifying Boolkas server of its execution and collecting user input from the website. The script monitors user interactions captures and encodes input data from forms into session storage and sends this data in Base64 format back to Boolkas server. This suggests that the script is designed for data exfiltration potentially capturing sensitive information such as usernames and passwords.