ScanBox JavaScript Keylogger Hijacks News Sites in China‑Based Watering‑Hole Campaign

A China‑originated APT group identified as TA423 has been weaponizing the open‑source ScanBox JavaScript keylogger in a series of watering‑hole attacks. The threat actors compromised several high‑traffic news portals, injecting malicious scripts that silently capture keystrokes, form inputs, and session cookies from any visitor. The malicious code is delivered through legitimate page loads, making detection difficult for typical web filters.

Defenders should prioritize monitoring outbound traffic for unusual data exfiltration patterns, especially to known ScanBox command‑and‑control endpoints. Implementing strict content‑security policies, regularly scanning third‑party scripts for integrity, and applying rapid patch cycles to web‑application frameworks can mitigate the risk of credential theft and broader compromise stemming from this campaign.
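
The content-security-policy recommendation above, worked as an added example (not from the original article): a simplified `script-src` evaluator that puts a permissive policy beside a strict one. The hostnames, both policies and the function names are constructed assumptions, and matching covers scheme and host only.

```javascript
// Added example: check which script URLs a Content-Security-Policy would let load.
// Policies and hostnames are constructed placeholders, not indicators from the campaign.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !policy.has(name)) policy.set(name, sources); // first occurrence wins
  }
  return policy;
}

// script-src governs scripts; default-src is the fallback when it is absent.
function scriptSources(header) {
  const policy = parseCsp(header);
  return policy.get('script-src') ?? policy.get('default-src') ?? null;
}

// Source expressions that let a script from an arbitrary host (or inline) run.
function auditPolicy(header) {
  const sources = scriptSources(header);
  if (sources === null) return ['no script-src or default-src'];
  const risky = ["'unsafe-inline'", "'unsafe-eval'", '*', 'https:', 'http:', 'data:'];
  return sources.filter((s) => risky.includes(s));
}

// Simplified matching: scheme and host only; ports, paths, nonces and hashes are ignored.
function scriptAllowed(header, scriptUrl, pageOrigin) {
  const sources = scriptSources(header);
  if (sources === null) return true; // no governing directive: nothing is blocked
  const url = new URL(scriptUrl);
  return sources.some((s) => {
    if (s === '*') return /^https?:$/.test(url.protocol); // network schemes, not data:
    if (s === "'self'") return url.origin === pageOrigin;
    if (s.startsWith("'")) return false; // other keywords, nonces, hashes
    if (s.endsWith(':')) return url.protocol === s; // scheme source such as https:
    const [scheme, host] = s.includes('://') ? s.split('://') : [null, s];
    if (scheme && url.protocol !== scheme + ':') return false;
    return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  });
}

const PAGE = 'https://news.example';
const WEAK = "default-src *; script-src 'self' https: 'unsafe-inline'";
const STRICT = "default-src 'none'; script-src 'self' https://static.news.example; connect-src 'self'";
const INJECTED = 'https://unlisted-host.example/collect.js'; // stands in for an injected script tag

console.log('weak  :', auditPolicy(WEAK), scriptAllowed(WEAK, INJECTED, PAGE));
console.log('strict:', auditPolicy(STRICT), scriptAllowed(STRICT, INJECTED, PAGE));
```

A policy like `STRICT` constrains where scripts load from and, through `connect-src`, where the page can send data; it does not cover modification of the site's own first-party script files.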

Categories: Threat Intelligence, Malware & Ransomware
