By: ThreatLabz

China’s NCGA Government Site Infected With Hidden Malicious Iframe


Today, we discovered that NingBo SME Credit Guarantee Association (NCGA), a Chinese government web site, is infected with a malicious hidden IFRAME. Of the infected page, is one where member registration is required. Here is the infected webpage:



The iframe is injected at the bottom of the webpage (hxxp:// and the following is a screenshot of the infected iframe:

The malicious iframe when decoded points to additional JavaScript. Here is the decoded script,


Currently, above mentioned malicious site is down.

Be Safe.




Learn more about Zscaler.