The KNF site had been previously infected to host a malicious JavaScript file, according to Zaufana Trzecia Strona, a local Polish news site. Visitors accessing the KNF website loaded the malicious JavaScript file as part of the websites regular resources.
The affected Polish banks said the malware that infected their computers and servers encrypted its outgoing traffic and they were not able to tell what the attackers stole. Still, the financial institutions reassured their clients by saying that they have not detected any unauthorized transactions, but only the mysterious outgoing traffic.
The Polish banks detected downloads of suspicious files and encrypted traffic going to uncommon IPs situated in many foreign countries, the Polish publication continues. Furthermore, this malware has a zero detection rate on VirusTotal and appears to be a new malware strain, never-before-seen in live attacks.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now