Online Bank Account Takeover via Webinjects in 2025 - Old Techniques Still Work

John Mancuso

It’s 2025, we don’t need to worry about banking webinjects anymore, right? Wrong. This presentation demonstrates that banking webinjects are still highly effective for enabling fraudsters to takeover online bank accounts. We will describe how we became aware of this fraud group and how we investigated and confirmed their activities through malware reverse engineering and fraud investigation. The webinjects are highly reminiscent of those used by the prolific Zeus banking trojan, showing that even today, old techniques that some security practitioners assumed were no longer active are still highly effective.