Update: Senheng has confirmed with us that they have removed the offensive malware code and are currently investigating the attack on their site – which they believe was deliberately timed to coincide with the launch of the Samsung Galaxy S10 online sale.
We can also independently verify that both senheng.com.my and senq.com.my is now free from any malicious code and is safe to use.
–Original Story follows–
If you’re planning on ordering Samsung’s latest flagship Galaxy S10 from Senheng or SenQ stores online, we recommend you find an alternative option as we can confirm that the sites are infected with a very nasty information harvesting malware.
Most updated anti-virus software would have stopped you from accessing the sites, but with most users these days conducting their transactions on mobile devices, there is a very high likelihood that many unsuspecting users might have fallen victim to the malware.
The suspicious piece of code, which is present on almost all pages of both sites points to a server hosted in the Russian Federation at 5.45.81.177. What we can ascertain so far is that the code copies out the confidential data keyed in to the legitimate site, and send it out to the suspicious server.
Thank you to xDragonZ and the rest from the Galaxy s10 discussion thread for bringing this to our attention.
