JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
1 min read
Summary
The JSF*ck (profanity masked) campaign uses the JSFireTruck obfuscation technique, with injected script focusing on redirection to malicious URLs based on the website referrer.
Websites have been injected with malicious JavaScript that uses JSFireTruck obfuscation, which we’ve detected across tens of thousands of webpages in just three months.
The injected JavaScript checks the website referrer and, if it comes from a search engine, it performs a redirect to malicious URLs, serving malware downloads and leading to other harmful activities.
This method of malicious redirection depends on type coercion, so readers should be suspicious of webpages with large amounts of ASCII characters and numbers, as they may be attempting this obfuscation.
Ensure your security platform has the capability to detect JavaScript-based threats, and that your cybersecurity awareness training includes guidance on the risks of cyberattacks on internet-facing websites.
By Hardik Shah, Brad Duncan and Pranay Kumar Chhaparwal
