Date: 06/02/2026
Severity: High
Summary
A recent threat assessment has identified a highly advanced banking Trojan delivered through a malicious browser extension, specifically targeting Australian banking customers. Unlike conventional malware that disrupts systems or causes noticeable damage, this threat is designed to remain undetected. It integrates directly into the victim’s web browser and operates within legitimate, authenticated banking sessions, enabling malicious activity while appearing to be part of normal user behavior.
Indicators of Compromise (IOC) List
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1:
sha256hash IN ("820900d48491cd12dbb8c61be0ba05cdaf61f1ef4ea7225becb01afc02b26dab","d5d26673200b1194341d510015140307c0c8847c92ca86556f05defece8f6a2c","34244257f633e104d06b0c4273caca96eb916d26540eeea68495707cbc920bdb","33cc551117d38307e7a1a4ab3ebf218aefc93d89da67fbf9dde52db6573b977e","11a12496a1d996a8ca40ab2d182820874c59718cfe78058678ec9897328bdb76","02edcf92392753a64413fbf5c76065d7f9e5325521a3e8325eda32f28c51af6c","272c70fe496262e7ed5456fd0e2cf6d4275a972f932283854f6b0d9cb5aceffd","867c900f2bd95ad71c8867c7e26e355d21f97500095bdaf41891f2b5f204aca7")
Reference:
https://www.ibm.com/think/news/invisible-thief-sophisticated-browser-extension-emptying-bank-accounts