InTheBox is promoting an inventory of 1,894 web injects on Russian cybercrime forums. The injects are built to steal credentials and sensitive data from eCommerce, banking, and crypto apps.
- The overlays support several Android banking trojans and impersonate apps operated by organizations across the globe.
- Initially, the web injects targeted organizations in the U.S., South America, and Australia. The scope was later expanded to 44 countries.
- As of January 2023, InTheBox offers 814 web injects compatible with Ermac, Octopus, Metadroid, and Alien for $6,512, 495 web injects compatible with Cerberus for $3,960, and 585 web injects compatible with Hydra for $4,680.
- For buyers not interested in the entire package, individual web injects cost around $30.
- Because web injects are widely available at low cost, threat actors are able to focus on other parts of their operations, including malware development and expanding their attack surface.
- Furthermore, these injects can check the validity of credit card numbers entered by victims using the Luhn algorithm, which helps Android trojan operators remove irrelevant data.
To guard against such threats, the researchers recommend following cyber hygiene practices such as only downloading software from trusted sources, installing and upgrading antivirus software, and enabling Google Play Protect on Android devices. Furthermore, banks and other financial institutions should properly educate their customers to protect themselves from malware attacks through various vectors.