
eBay JSFu*k Vulnerability Allows Attackers to Peddle Malware and Phishing Sites

It's not very often that you find yourself viewing a website that is outright malicious in its content. Most of the time, malicious sites and those using clever phishing techniques are masked in some way to hide their true identity. Seldom do we find a site that screams "malicious," which is why a site like eBay has recently borne the brunt of attacks carried out through user-created eBay stores to peddle malware and launch phishing sites.

We have often stressed that hackers and cybercrooks stop at nothing to find new, creative ways to attack people on the internet. To that end, cybercrooks use many trusted, high-traffic sites to launch their latest malware campaigns. eBay is one such service: crooks have found a vulnerability in its online platform that allows attackers to launch phishing sites and push malware to site visitors through the JSFu*k JavaScript library.

The JavaScript library in question, dubbed JSFu*k (replace the asterisk with "c"), was constructed by Martin Kleppe, a developer who may have found fun in developing and sharing clever coding that is loosely based on the core of JavaScript. In constructing it, Kleppe has enabled others to take the lengthy code and execute it in any web browser. It just so happens that JSFu*k attack code, made up of the [, ], (, ), !, and + characters, is invisible to eBay's security and never prompts an alert. Therefore, eBay stores may be set up to host the code, opening up a pathway for attackers to distribute their store's links to their desired targets.
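A content filter can look for the pattern described above, long runs built from only those six characters, in seller-supplied markup. The following is an added example, not code from the article or from eBay; the function names, the 60-character threshold and both sample strings are assumptions constructed for illustration.

```javascript
// Added example: flag JSFuck-style runs in seller-supplied listing markup.
// The six characters come from the article; the threshold is an assumption.
const SIX_CHARS = new Set(['[', ']', '(', ')', '!', '+']);

// Return every run of at least minRun six-alphabet characters.
// Whitespace inside a run is skipped so line-wrapping cannot hide it.
function findSixCharRuns(text, minRun = 60) {
  const runs = [];
  let start = -1;
  let count = 0;
  for (let i = 0; i <= text.length; i++) {
    const ch = text[i]; // undefined at end of input flushes the last run
    if (ch !== undefined && SIX_CHARS.has(ch)) {
      if (start < 0) start = i;
      count++;
    } else if (ch !== undefined && start >= 0 && /\s/.test(ch)) {
      continue;
    } else {
      if (count >= minRun) runs.push({ offset: start, length: count });
      start = -1;
      count = 0;
    }
  }
  return runs;
}

// Decide whether a listing should be held for manual review.
function reviewListing(markup, minRun = 60) {
  const runs = findSixCharRuns(markup, minRun);
  return { hold: runs.length > 0, runs };
}

// Constructed inputs (not taken from any real listing). The second one is
// a repeated fragment of the six characters, not a working script.
const BENIGN = '<script>var a = items[0](); if (!ok) { n += 1; }</script>';
const CONSTRUCTED = '<script>' + '(![]+[])\n [+!+[]]+'.repeat(10) + '</script>';

console.log(reviewListing(BENIGN));      // { hold: false, runs: [] }
console.log(reviewListing(CONSTRUCTED)); // hold: true, one run of 160 chars
```

Ordinary JavaScript uses these characters too, but only in short bursts between identifiers and literals, which is why the check keys on run length rather than on the characters themselves.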

While creating an eBay store is simple, attackers must still spread their malicious store's links themselves. When such a store is loaded in a web browser, the user is redirected to a page that later displays popup messages through the phishing site asking for user information. The information requested is usually your eBay login, which may be sent to the cybercrooks, who can later log into your eBay account and perform endless actions that may end up costing you money or put you at risk of identity theft.

The video below is a quick demonstration of the phishing site in action as a user clicks on a link within an eBay store that is using the malicious JavaScript JSFu*k code.

As we know, phishing sites can be aggressive in their actions and are eventually successful in obtaining personal data from unsuspecting users. In the case of eBay's vulnerability, the attack may be two-fold: it attempts to collect personal information and eventually installs a malicious application on your PC or smartphone.
