Illustration: Rebecca Zisser/Axios
Hackers modified a Pakistani government website where citizens can request passports to spy on its visitors, according to researchers at Trustwave. The infection is still active.
The big picture: The code added to the website, known as Scanbox, performs reconnaissance on visitors and has been associated with espionage attacks in the past. Other actors use it too, and Trustwave is not attributing the attack to any government or criminal groups.
Details: Scanbox logs keystrokes, providing hackers with users' login information, and it also sends back information about the user's system.
- "Since it's a website that requires login, it gets those credentials," Ziv Mador, Trustwave vice president of threat research told Codebook.