GitHub Hosts Lokibot Infostealer

less than 1 minute read

<p>A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers.</p>

Infected Magento Sites

Recently, we identified hundreds of infected Magento sites with the following injected script:

<script type="text/javascript" src="https://bit.wo[.]tc/js/lib/js.js">

The contents of the js.js file included:

This code creates a hidden div and after a short delay displays a fake Flash Player update banner above the normal site content.

Continue reading GitHub Hosts Lokibot Infostealer at Sucuri Blog.

Share on

Twitter Facebook Google+ LinkedIn

You may also enjoy

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

How to Add SSL & Move WordPress from HTTP to HTTPS

less than 1 minute read

Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across ...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

Fake Browser Updates Push Ransomware and Bank Malware

less than 1 minute read

Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request...