
Italian corporate banking clients targeted in ongoing financial fraud campaign

Italian corporate banking clients have been the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. According to researchers at Cleafy, the main goal of these fraud operations is to infect Windows workstations inside corporate environments and alter legitimate banking transfers by changing the beneficiary, so that the money is transferred to an illegitimate bank account. The bank accounts used in these fraudulent transactions are controlled either by the threat actors themselves or by their affiliates, who are then tasked with laundering the stolen funds.

The use of web injects is a time-tested tactic that lets malware inject custom scripts on the client side by means of a man-in-the-browser (MitB) attack and intercept traffic to and from the server. The operators behind drIBAN have become more adept at avoiding detection and at developing effective social engineering strategies, in addition to maintaining a foothold in corporate bank networks for long periods.

This is a serious problem for Italian corporate banking clients, as these fraudulent activities can result in significant financial losses. Banks and other financial institutions should be aware of this threat and take steps to protect their customers.

