Over 269,000 websites infected with JSFiretruck JavaScript malware

June 13, 2025Ravi LakshmananWeb Security/Network Security


Cybersecurity researchers are calling attention to a "large campaign" that compromises legitimate websites with malicious JavaScript injections.

According to Palo Alto Networks Unit 42, these malicious injections are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" in which code is written and executed using only a limited set of characters.

The cybersecurity company has given the technique the alternative name JSFiretruck because of the profanity involved.

"Several websites have been identified with injected malicious JavaScript that uses JSFiretruck obfuscation, which is primarily composed of the symbols [, ], +, $, {, and }," security researchers Hardik Shah, Brad Duncan, and Pranay Kumar Chhaparwal said. "The code's obfuscation prevents analysis and hides its true purpose."


Further analysis determined that the injected code is designed to check the website referrer ("document.referrer"), which identifies the address of the web page from which the request originated.

If the referrer is a search engine such as Google, Bing, DuckDuckGo, Yahoo!, or AOL, the JavaScript code redirects victims to malicious URLs that can deliver malware, exploits, traffic monetization, and fraud.

Unit 42 said it discovered 269,552 web pages infected with JavaScript code using the JSFiretruck technique between March 26 and April 25, 2025. The campaign's surge was recorded on April 12, when over 50,000 infected web pages were observed in a single day.
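A site owner can look for this kind of injection statically, because script bodies built almost entirely from the symbol set stand out from ordinary JavaScript. The following is an added example, not code from Unit 42 or from the original article: a heuristic scanner for inline scripts, where the thresholds, the function names, and the inclusion of "(", ")" and "!" (the remaining characters of classic JSFuck) are assumptions, and the sample page is constructed.

```javascript
// Added example: heuristic scanner for JSFuck/JSFiretruck-style inline scripts.
// Symbol set = the article's list ([ ] + $ { }) plus ( ) ! from classic JSFuck (assumption).
const SYMBOLS = new Set('[]+${}()!');
const MIN_RUN = 200;     // assumed threshold: shortest symbol-only run worth flagging
const MIN_RATIO = 0.6;   // assumed threshold: share of symbol characters in the script

// Return the bodies of inline <script> elements (those without a src attribute).
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(re)) {
    if (!/\bsrc\s*=/i.test(m[1])) out.push(m[2]);
  }
  return out;
}

// Measure how symbol-heavy a script is: overall ratio and longest unbroken run.
function symbolStats(code) {
  let symbols = 0, run = 0, longestRun = 0, total = 0;
  for (const ch of code) {
    if (/\s/.test(ch)) continue;          // whitespace neither counts nor breaks a run
    total++;
    if (SYMBOLS.has(ch)) {
      symbols++;
      run++;
      if (run > longestRun) longestRun = run;
    } else {
      run = 0;
    }
  }
  return { ratio: total ? symbols / total : 0, longestRun, total };
}

// Flag scripts that are mostly symbols or contain a long symbol-only run.
function scanHtml(html) {
  return inlineScripts(html)
    .map((code, index) => ({ index, ...symbolStats(code) }))
    .filter(s => s.longestRun >= MIN_RUN || (s.total >= MIN_RUN && s.ratio >= MIN_RATIO));
}

// Constructed sample page: one ordinary script, one harmless symbol-only script.
// "+[]" evaluates to 0; the second script is just that expression repeated.
const benign = '<script>var items = [1, 2]; console.log(items[0] + items[1]);</script>';
const obfuscated = '<script>$=' + '+[]'.repeat(100) + ';</script>';
const samplePage = '<html><body>' + benign + obfuscated + '</body></html>';

console.log(scanHtml(samplePage));
```

A hit is a candidate for manual review rather than a verdict, and external scripts referenced through src have to be fetched and scanned separately.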

“The size and stealth of the campaign pose a huge threat,” the researchers said. “The broad nature of these infections suggests coordinated efforts to compromise legitimate websites as an attack vector for further malicious activities.”

Say HelloTDS

The development comes as Gen Digital has disclosed a sophisticated traffic delivery service (TDS) called HelloTDS, which is designed to redirect site visitors to fake CAPTCHA pages, technical support scams, fake browser updates, unwanted browser extensions, and cryptocurrency scams via remotely hosted JavaScript code.

The main purpose of the TDS is to act as a gateway and determine the exact nature of the content delivered to the victim after fingerprinting the device. If the user is not considered a suitable target, the victim is redirected to a benign web page.

“The campaign entry points are fraudulent or attacker-controlled streaming websites, file sharing services, and campaigns,” researchers Vojtěch Krejsa and Milan Špinka said in a report released this month.

“Victims are evaluated based on geolocation, IP address, and browser fingerprint. For example, connections via a VPN or headless browser will be detected and rejected.”

Some of these attack chains are known to serve fake CAPTCHA pages that leverage the ClickFix strategy to trick users into running malicious code, infecting their machines with malware known as PEAKLIGHT (aka Emmenhtal Loader), which is known to serve information stealers like Lumma.


Central to the HelloTDS infrastructure is the use of .top, .shop, and .com top-level domains, which host the JavaScript code and trigger the redirects following a multi-stage fingerprinting process designed to collect network and browser information.

“The HelloTDS infrastructure behind the fake CAPTCHA campaign shows that attackers continue to improve the way in which they circumvent traditional protections, avoid detection, and selectively target victims,” the researchers said.

“By leveraging sophisticated fingerprinting, dynamic domain infrastructure, and deception tactics (such as mimicking legitimate websites and providing benign content to researchers), these campaigns achieve both stealth and scale.”
