A wave of advanced web threats has led to over 269,000 legitimate websites being infected with JSFireTruck malware within a month. This widespread threat, publicly reported by security researchers, injects heavily obfuscated JavaScript code, silently redirecting users from trusted websites to fraudulent pages that can deliver malware payloads, malvertising, and other scams. Given the scale and stealth of this campaign, strong preventive measures are essential for anyone who runs a website.
JSFireTruck malware uses a distinctive obfuscation method that builds its payload from only a small set of ASCII characters to avoid analysis. It targets visitors arriving from search engines (such as Google, Bing, Yahoo!, and AOL) by checking document.referrer and then redirects them to malicious URLs. The high number of these infections indicates an organized campaign to transform clean websites into an attack platform.
For Website Administrators
Timely Security Updates: The best defence is to ensure that your web servers, CMS, plugins and themes are always up to date with the latest security patches. Outdated software is a prime way attackers break in.
Website Audits and Monitoring: Perform regular audits of your website for unauthorized code injections or backdoors. Use real-time monitoring to identify suspected malicious behavior, file modifications or abnormal traffic activity. Web Application Firewalls (WAFs) can be used to help filter traffic.
Authentication and Access Control: We recommend that you use strong and unique passwords and multi-factor authentication (MFA) for all administrative access and user accounts. Restrict access permissions to only the people who must have them.
Cage The Beast (Content Security Policy): A strictly implemented Content Security Policy will ensure your site is not executing scripts from unknown entities, thus reducing the potential for harm from injected malicious JavaScript.
Limit Scripting Languages: Limit the scripting languages your web server supports to remove unnecessary parts of the attack surface.
SSL/TLS Encryption: Always opt for SSL/TLS encryption (HTTPS) wherever you can to secure how data is exchanged and make the Web a safer place.
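For the audit step above, one way to look for the obfuscation pattern described earlier is to flag scripts that contain long runs built from only a handful of symbol characters. This is an added illustration, not code from the original article or the researchers' report; the thresholds, function names and sample pages are assumptions constructed for the example.

```python
import re

# Thresholds are assumptions for this sketch; tune them against your own code base.
MIN_RUN = 200       # shortest symbol-only run worth flagging
MIN_ALPHABET = 3    # skip comment rulers such as "//======"
MAX_ALPHABET = 8    # obfuscated runs reuse only a handful of distinct characters

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# ASCII punctuation only: no letters, digits or whitespace.
SYMBOL_RUN_RE = re.compile(r"[!-/:-@\[-`{-~]{%d,}" % MIN_RUN)

def suspicious_runs(js):
    """Return (length, alphabet) for each long run built from very few symbols."""
    compact = re.sub(r"\s+", "", js)  # line breaks must not split a run
    hits = []
    for match in SYMBOL_RUN_RE.finditer(compact):
        alphabet = "".join(sorted(set(match.group())))
        if MIN_ALPHABET <= len(alphabet) <= MAX_ALPHABET:
            hits.append((len(match.group()), alphabet))
    return hits

def scan_page(text):
    """Scan inline <script> bodies of an HTML file, or the whole text of a .js file."""
    bodies = SCRIPT_RE.findall(text) or [text]
    findings = []
    for index, body in enumerate(bodies):
        for length, alphabet in suspicious_runs(body):
            findings.append({"script": index, "length": length, "alphabet": alphabet})
    return findings

# Constructed samples: a harmless symbol-only expression repeated to mimic an
# injected block, and a clean page with ordinary code plus a long comment ruler.
FILLER = "[+!+[]]+(![]+[])+" * 20 + "[]"
INFECTED = ("<html><script>var menu = document.getElementById('nav');</script>\n"
            "<script>" + FILLER[:170] + "\n" + FILLER[170:] + "</script></html>")
CLEAN = "<script>//" + "=" * 300 + "\nfunction init() { return [1, 2]; }</script>"

if __name__ == "__main__":
    for name, page in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, scan_page(page))
```

A hit is a reason to compare the file against a known-good copy, not proof of infection on its own.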
For Internet Users
Browser Security: Make sure to keep your web browser updated to the most recent version, since new updates frequently include key security patches. You might also want to try installing a browser add-on that blocks malicious scripts or pop-ups.
Antivirus and Anti-Malware: Be sure to keep your operating system up to date, keep your antivirus software current, and run scans.
Watch for Redirects: If you tap a link and are taken to a website you had no intention of visiting, especially if that website asks for your personal information or prompts you to download an unexpected piece of software, close that tab right away.
Check URLs: Always verify the URL in your browser’s address bar after you arrive on a page, especially if it’s a login page or has requested any sensitive information.
Download from a Trusted Source: Download files and software only from reputable sources.
The JSFireTruck campaign is just another example of increasingly complicated web attacks. In such an ever-changing threat landscape, proactive measures and a multi-layered security plan are fundamental to defending website integrity and keeping visitors safe.