A new JavaScript malware campaign has targeted over 40 financial institutions worldwide, affecting at least 50,000 user sessions in North America, South America, Europe, and Japan. Detected by IBM Security Trusteer in March 2023, the malware uses JavaScript web injections delivered through scripts from a threat actor-controlled server. The campaign aims to compromise banking applications and intercept users' credentials. The malware alters login pages, harvesting login credentials and one-time passwords when victims visit targeted bank websites. The injected script dynamically queries a command-and-control server and adapts its behavior based on the information obtained, erasing traces of injections and introducing fraudulent elements to bypass security measures. The malware's origins are uncertain, but indicators suggest a possible connection to the DanaBot stealer and loader family. This sophisticated threat showcases advanced capabilities, particularly in executing man-in-the-browser attacks with dynamic communication, web injection methods, and adaptability based on server instructions and page state. The campaign highlights the ongoing challenges posed by sophisticated malware targeting online banking users.