GitHub Hosts Infostealer

GitHub Hosts InfostealerA few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers.

Infected Magento Sites

Recently, we identified hundreds of infected Magento sites with the following injected script:

https://strongbit.wo[.]tc/js/lib/js.js/strong

The contents of the js.js file included:

This code creates a hidden div and after a short delay displays a fake Flash Player update banner above the normal site content.

Continue reading GitHub Hosts Infostealer at Sucuri Blog.

Source: Scuri check