Security researchers have identified a new watering hole campaign that compromises legitimate websites to deploy the ScanBox keylogger. The attack targets visitors to specific industry websites, particularly in the defense and technology sectors.
'What makes this campaign particularly dangerous is the use of compromised but otherwise legitimate websites,' explained a Threatpost analyst. 'Users have no reason to suspect the sites they regularly visit have been weaponized.'
The ScanBox keylogger captures keystrokes, takes screenshots, and exfiltrates data to command-and-control servers. Organizations in the defense industrial base are advised to review their web browsing policies.