JavaScript malware

A JavaScript file classified as malware was found on the website. This is a malicious script executed in all visitors’ browsers under the domain it was found on.

What can happen?

The attacker is able to execute anything in the visitor’s browser under your domain. In that respect this is similar to XSS.

The attacker can take advantage of the site’s traffic to infect visitors using browser exploits. Malware could also be used to keep any activity happening on the web site under surveillance, including login credentials, credit card data, or any other sensitive data.

Example

In 2016, it became very popular to automatically hack multiple web sites and upload a JavaScript file that would run in every visitor's browser. This script was there to steal credit card credentials by automatically copying them if an input matching a credit card was detected.

By placing just a few lines of JavaScript on the hacked websites, attackers were able to gather a lot of credit card data, all without having to run anything suspicious on the server, which would have increased the risk of an admin discovering it and locking out the hackers.

Everything points to the possibility of there being more attacks like this in the future and there are no signs of this type of attack being in decline.

Remediation

The first step is to delete the file, but understanding how it got there in the first place is equally important. If you are not able to identify how your website was hacked and protect it against this type of attack, chances are it will soon happen again.

Even if the hole the attackers first came in through is discovered and fixed, a backdoor could still remain. If possible, restore the system from a backup made before the attack happened or let someone more experienced in the field take a look at it.
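
One way to find which script files were added or changed since a pre-attack backup, as an added example that is not part of the original article. The function names, directory layout and sample files are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");
const crypto = require("crypto");

// Map every .js file under root (relative path -> SHA-256 of its contents).
function hashScripts(root, dir = root, out = new Map()) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) hashScripts(root, full, out);
    else if (entry.isFile() && entry.name.toLowerCase().endsWith(".js")) {
      const digest = crypto.createHash("sha256").update(fs.readFileSync(full)).digest("hex");
      out.set(path.relative(root, full).split(path.sep).join("/"), digest);
    }
  }
  return out;
}

// Report scripts that were added, modified or removed since the backup was taken.
function diffScripts(backupRoot, liveRoot) {
  const before = hashScripts(backupRoot);
  const after = hashScripts(liveRoot);
  const report = { added: [], modified: [], removed: [] };
  for (const [file, digest] of after) {
    if (!before.has(file)) report.added.push(file);
    else if (before.get(file) !== digest) report.modified.push(file);
  }
  for (const file of before.keys()) if (!after.has(file)) report.removed.push(file);
  for (const list of Object.values(report)) list.sort();
  return report;
}

// Constructed sample trees (not from a real incident) so the example runs offline.
function demo() {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "jsdiff-"));
  const write = (root, rel, text) => {
    const file = path.join(tmp, root, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, text);
  };
  write("backup", "js/app.js", "console.log('app');\n");
  write("backup", "js/checkout.js", "function pay() {}\n");
  write("live", "js/app.js", "console.log('app');\n");
  write("live", "js/checkout.js", "function pay() {}\n/* appended line */\n");
  write("live", "media/stats.js", "/* file not present in backup */\n");
  const report = diffScripts(path.join(tmp, "backup"), path.join(tmp, "live"));
  fs.rmSync(tmp, { recursive: true, force: true });
  return report;
}
console.log(demo());
```

This only covers standalone `.js` files; script injected into HTML templates or server-side code needs the same comparison extended to those file types.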