Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
JS/Banker.gen!A redirects your browser when you try to go to any of the websites associated with the following companies; the complete list contains banks, payment systems, email and social media, and security programs:
In Brazil:
B!Cash
Banco Amazonia
Banco Banese
Banco Banrisul
Banco Bradesco
Banco do Brasil
Banco ItaĆŗ
Banco Santander
Banco Sicredi
Caixabank
Cetelem Brasil
Check Check
CheckOK
Citibank
Confirme Online
Credicard
DigitalSSL
Equifax Brasil
HSBC Brasil
Ingresso
Intouch
Pagseguro
Safra Group
Serasa Experian
SPC Brasil
TAM
UOL Produtos e Servicos
In Russia:
Ebiblioteka
Promsvyazbank
Qiq
Rustorka
Rutracker
Sberbank
Telebank
Visa Qiwi Wallet
Payment systems:
American Express
Mastercard
Paypal
Visa
Email and social media:
4shared
Facebook
Gmail
Hotmail
Live
MSN
Orkut
Sogou
Twitter
Security-related websites:
Linha Defensiva
Phishtank
Threat Expert
Virus Total
VirusScan
...and majority of antivirus vendor websites
Additional information
TrojanProxy:JS/Banker.gen!A is a detection for malicious Proxy Auto-Config (PAC) files.
PAC files are similar to the HOSTS file in that they can redirect your browser to another website other than the one you originally intended to visit. They are usually set as the configuration script for your Local Area Network (LAN) settings.
