Javascript injection detected by Kaspersky but not Bitdefender, I would like to submit it

jturgeon · 2021-11-26T21:42:11+00:00

There was an error rendering this rich post.

Hi,

We had an intrusion in our website throught our cms (not sure for now) and a javascript code was injected into the head element of all page to get user data and cookies, our clients/visitors with the Kaspersky protection alerted us with this reference from Kaspersky:

https://threats.kaspersky.com/en/threat/Trojan-PSW.******.Generic/

I found the ****** an removed it.

On my Macbook pro I have the Bitdefender Endpoint protection that our enterprise bought for the devices that employees use (on my advice). At home, I'm protected with the Internet protection (proud client since ~15 years) ans I a bit surprise that none of them detected the problem on our website.

So I would like to submit the ****** to Bitdenfender so they can add it to their detection library.

I already made a submission here:

https://www.bitdefender.com/consumer/support/answer/29358/

but there was no place to explain exactly what happen and I had to submit the javascript as a file because it was removed from the website, so I decided to add this information here.

I would be interesseted to get feedback on tha validity of the ****** because I'm a developper and I'm not sure this code can really hurt as I don't find how it send the data (but it is obfuscated and parsed with hexadecimal value so it is hard to read, I can share if anyone is interested).

Thank you

Find more posts tagged with

Comments

Flexx

https://community.bitdefender.com/en/discussion/89525/javascript-injection-detected-by-kaspersky-but-not-bitdefender-i-would-like-to-submit-it

Kindly share the virustotal link here and it will be shared with malware researchers and detection will be released in maximum of 72 hours if the sample is found malicious by.

Regards

Flex

(Bitdefender beta tester 2019/ 2020)