uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites,’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.


Embedded Malware: Account Takeovers Multiplying

Robert McGarvey recently covered the topic of account takeover attempts in his regular column in the Credit Union Times. Michelangelo Sidagni, NopSec’s Chief Technology Officer was quoted, “This is a fast-growing problem.”

Phishing and account takeovers are a really scary prospect. And as Mr. McGarvey outlines in his article, both the frequency and sophistication of the attempts are on the rise. I’ve personally been a victim of embedded malware disguised to look like a Java update. Luckily I was able to recognize it and remedy the issue before any serious damage occurred.

How account takeovers work

Malware is embedded into an attacker-controlled webpage and is delivered via a phishing email with a link. The landing page contains obfuscated JavaScript that determines what is on the victim’s computers and loads all exploits to which this computer is vulnerable and sometimes a Java applet tag that loads a Java Trojan horse.

How vulnerability management helps

There are multiple facets to protecting users from these type of attacks. Because phishing intersects both technology and human nature, there is no silver bullet. Mr. McGarvey discusses some of the monitoring practices being employed by financial institutions. From NopSec’s perspective, eliminating the exploitable IT security vulnerabilities on infrastructure (such as networks and domain controllers) and applications (such a web applications that are public facing) is a way to combat the issue and limit risk.

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.