Malware has infected several banks in Poland. Polish banks noticed some strange network activity and unauthorized files on some machines in their networks. After a thorough investigation and coordination between various banks, they found that the origin of the infection was the website of the KNF, the financial regulatory authority in Poland.
Zaufana Trzecia Strona, a Polish news site, initially reported the attack. According to the report, security teams at various Polish banks noticed mysterious file downloads and traffic towards suspicious IPs in different foreign countries. Users who accessed the KNF website were infected by a malicious JavaScript file. This malicious file installs a remote access Trojan (RAT) on the victim machines. The motivation behind the attack is not yet known. Banks reported that they have no knowledge of any direct financial losses due to this attack. The investigation is ongoing to identify the scope of the loss and the real intention behind this massive attempt to disrupt the Polish banking industry. PassiveTotal confirms the observation and the finding related to external resources included in the knf.gov.pl website from 2016-10-07 until yesterday.
The unauthorized code was located in the following file:
It looked like document.write("