Boolka Threat Actor Using Formstealing JavaScript To Capture Sensitive Data

Researchers have identified a landing page designed to distribute the BManager modular trojan, created by a threat actor known as Boolka. Over the past three years, Boolka has been infecting vulnerable websites with malicious JavaScript that intercepts data entered on these websites. When a user visits an infected site, the script is downloaded and executed, performing two main actions: notifying Boolka's server of its execution and collecting user input from the website. The script monitors user interactions, captures and encodes input data from forms into session storage, and sends this data in Base64 format back to Boolka's server. This suggests that the script is designed for data exfiltration, potentially capturing sensitive information such as usernames and passwords.
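
For site owners, the behaviour described above (form input encoded into session storage and sent out as Base64) can be checked with canary values. The following is an added example, not code from the researchers' report or from Boolka's script. It assumes a synthetic browser session typed known canary strings into the site's forms and then dumped session storage and outbound requests as strings; the function names, canary values and `.example` hosts are constructed for illustration.

```javascript
// Added example (defensive monitoring), runs under Node.js.
// Assumption: a synthetic browser session typed the canary values into the site's
// forms, then dumped sessionStorage entries and outbound request URLs/bodies as strings.

const B64_TOKEN = /[A-Za-z0-9+/_-]{16,}={0,2}/g;

// Decode standard or URL-safe Base64 to text; Buffer tolerates odd lengths.
function decodeB64(token) {
  const std = token.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(std, 'base64').toString('utf8');
}

// Flag artifacts in which a Base64 run decodes to text containing a canary value.
function findEncodedCanaries(artifacts, canaries) {
  const findings = [];
  for (const { source, value } of artifacts) {
    let text = value;
    try { text = decodeURIComponent(value); } catch (e) { /* not URL-encoded */ }
    for (const token of text.match(B64_TOKEN) || []) {
      // A path or key prefix can fuse with the payload and shift the 4-character
      // Base64 alignment, so try each possible starting offset.
      for (let offset = 0; offset < 4; offset++) {
        const decoded = decodeB64(token.slice(offset));
        const hit = canaries.find((c) => decoded.includes(c));
        if (hit) { findings.push({ source, canary: hit, offset }); break; }
      }
    }
  }
  return findings;
}

// Constructed sample data: nothing here is taken from a real Boolka script.
const CANARIES = ['canary-user-7f3a', 'Canary!Pass-91c2'];
const payload = Buffer.from('login=canary-user-7f3a&pwd=Canary!Pass-91c2').toString('base64');
const SAMPLE_ARTIFACTS = [
  { source: 'sessionStorage[k1]', value: payload },
  { source: 'request cdn.example', value: 'https://cdn.example/app.js?v=20240601' },
  { source: 'request collector.example',
    value: 'https://collector.example/c/' + encodeURIComponent(payload) },
];

for (const f of findEncodedCanaries(SAMPLE_ARTIFACTS, CANARIES)) {
  console.log(`ALERT ${f.source}: Base64 blob contains ${f.canary}`);
}
```

A canary that appears in storage or in a request the site's own code does not make is a signal to review which scripts the page loaded.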