China’s NCGA GOV Site Infected With Hidden Malicious Iframe

Today, we discovered that NingBo SME Credit Guarantee Association (NCGA), a Chinese government web site, is infected with a malicious hidden IFRAME. Of the infected page, is one where member registration is required. Here is the infected webpage:

The iframe is injected at the bottom of the webpage (hxxp://nbdb.nbsme.gov.cn/reg.asp). and the following is a screenshot of the infected iframe:

The malicious iframe when decoded points to additional JavaScript. Here is the decoded script,

Currently, above mentioned malicious site is down.

Be Safe.

Umesh

Security Research
Insights and Research

Join us for the Spring 2021 Series. Register Today

Insights and Research

China’s NCGA Government Site Infected With Hidden Malicious Iframe

Author

ThreatLabz

Recommended for You

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

Discord CDN: A Popular Choice for Hosting Malicious Payloads

Did COVID Cancel Christmas for Cybercriminals?

DreamBus Botnet – Technical Analysis

Stay up to date with the latest digital transformation tips and news.

By clicking the submit button, you are agreeing to our privacy policy.

Take the first steps on your transformation journey

English

Français

Deutsch

日本語

Subscribe and keep in touch with us!

By clicking the submit button, you are agreeing to our privacy policy.

©2008-2021 Zscaler, Inc. All rights reserved.