Numerous websites worldwide have been subjected to SQL injection attacks by the newly discovered threat actor Boolka, which has been deploying the modular BMANAGER trojan since 2022, reports The Hacker News.
According to a Group-IB analysis, the intrusions involved the distribution of malicious JavaScript code that not only gathers and exfiltrates user input and interaction data but also redirects victims to a fake loading page that lures them into downloading the BMANAGER trojan downloader as a browser extension. Once executed, BMANAGER enables the delivery of four further payloads capable of harvesting data, recording running applications, logging keystrokes, and exporting stolen data; the trojan also uses scheduled tasks for persistence, said researchers, who noted the increasing sophistication of Boolka's operations since the group emerged two years ago. "The injection of malicious JavaScript snippets into vulnerable websites for data exfiltration, and then the use of the BeEF framework for malware delivery, reflects the step-by-step development of the attacker's competencies," added researchers.