Italian corporate banking clients have been the target of an ongoing financial fraud campaign using a web-inject toolkit called drIBAN. The main objective is to modify legitimate bank transfers made by victims by changing the beneficiary and transferring the money to a fraudulent bank, Cleafy researchers stated.
The use of web injects is a well-established tactic. It allows the malware to inject custom scripts on the client side via a man-in-the-browser (MitB) attack, intercepting traffic to and from the server. Fraudulent transactions are often carried out using what's known as an Automated Transfer System (ATS), capable of bypassing anti-fraud systems.
Over the years, the operators behind drIBAN have become increasingly adept at evading detection and developing effective social engineering strategies. They have also established a long-term foothold in corporate banking networks. According to Cleafy, 2021 was the year in which the classic banking Trojan operation evolved into an advanced persistent threat.