SecurityTube

Hackers pollute legitimate JavaScript code to spread malware

JB

Most hackers have stopped creating malicious sites long ago and have reverted to hacking legitimate ones and booby-trapping them with exploit kits, malware or malicious scripts. After all, these sites already have their own visitors, and have already been listed and approved by search engines.

According to Sophos researchers, the latest trend among hackers is to inject malicious code into legitimate JavaScript already present on the compromised websites.

"The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript," they point out the benefit of this approach, noting that it has the added advantage of the detection occasionally being discarded as a false positive.