{
	"id": "8cd9fbd8-87ac-44f6-b83e-139d39b3c693",
	"created_at": "2026-04-10T03:20:00.116361Z",
	"updated_at": "2026-04-10T13:12:49.443789Z",
	"deleted_at": null,
	"sha1_hash": "3b3f296d58483eab0ebc45609da321099d5813ae",
	"title": "Polish Banks Infected with Malware Hosted on Their Own Government's Site",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1918279,
	"plain_text": "Polish Banks Infected with Malware Hosted on Their Own\r\nGovernment's Site\r\nBy Catalin Cimpanu\r\nPublished: 2017-02-06 · Archived: 2026-04-10 02:30:39 UTC\r\nSeveral Polish banks said they suffered malware infections after their employees visited the site of the Polish\r\nFinancial Supervision Authority (KNF), which had been previously infected to host a malicious JavaScript file.\r\nZaufana Trzecia Strona, a local Polish news site, first reported the attacks late Friday, last week. The news site\r\nsaid that during the past week, the security teams at several, yet unnamed, Polish banks detected downloads of\r\nsuspicious files and encrypted traffic going to uncommon IPs situated in many foreign countries.\r\nAs employees at different banks started looking into their systems, they found malware installed on numerous\r\nworkstations and even some servers.\r\nKNF website hosted malicious JavaScript file\r\nSubsequent investigations and a cooperation between different banks eventually discovered the source of the\r\ninfection as being the official website of KNF, which, ironically, is the regulating body that keeps an eye out for\r\nthe security of financial systems in Poland.\r\nhttps://www.bleepingcomputer.com/news/security/polish-banks-infected-with-malware-hosted-on-their-own-governments-site/\r\nPage 1 of 3\n\nAccording to reports, KNF's website had been compromised for well over a week, as an unidentified attacker had\r\nmodified one of the site's JavaScript files.\r\nKNF website (via: Zaufana Trzecia Strona)\r\nVisitors accessing the KNF website would load the malicious JavaScript file as part of the website's regular\r\nresources.\r\nJavaScript file would lead to RAT infection\r\nThe JavaScript code worked by opening a hidden iframe and forcibly downloading a file on the victim's\r\ncomputers. 
Users that discovered and executed this file would install a remote access trojan (RAT) on their\r\ncomputers.\r\nAccording to Zaufana Trzecia Strona, this malware has a zero detection rate on VirusTotal and appears to be a new\r\nmalware strain, never-before-seen in live attacks.\r\nKNF's staff have cleaned their site and along with the affected banks, have reported the incidents to CERT.pl.\r\nThey also released a statement acknowledging the website hack on Friday, but haven't provided other details about\r\nthe attack.\r\nThe affected Polish banks said the malware that infected their computers and servers encrypted its outgoing traffic\r\nand they weren't able to tell what the attackers stole.\r\nNo customer funds stolen\r\nBanks reassured their clients and said they haven't detected any unauthorized transactions, but only the mysterious\r\noutgoing traffic.\r\nLocal media believes the attack is the work of a foreign intelligence agency. A more believable theory would be\r\nthat this is the work of one of the many cyber-crime syndicates specialized in cyber-thefts from financial\r\ninstitutions.\r\nThe attacks have the signs of classic network reconnaissance operations, where hackers gather intelligence in\r\norder to create a map of a victim's network before launching their final assaults.\r\nSource: https://www.bleepingcomputer.com/news/security/polish-banks-infected-with-malware-hosted-on-their-own-governments-site/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/polish-banks-infected-with-malware-hosted-on-their-own-governments-site/"
	],
	"report_names": [
		"polish-banks-infected-with-malware-hosted-on-their-own-governments-site"
	],
	"threat_actors": [],
	"ts_created_at": 1775791200,
	"ts_updated_at": 1775826769,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3b3f296d58483eab0ebc45609da321099d5813ae.pdf",
		"text": "https://archive.orkl.eu/3b3f296d58483eab0ebc45609da321099d5813ae.txt",
		"img": "https://archive.orkl.eu/3b3f296d58483eab0ebc45609da321099d5813ae.jpg"
	}
}