Even After Patching, Attackers Found A Different Way To Exploit eBay Users
Two weeks ago, the Cybersecurity firm Checkpoint has discovered the JSF*** XSS bug. Now JSF*** XSS bug is being used in real-world attacks on the platform of eBay, even when the eBay had already neutralized it.
Is JSF*** XSS bug is hard to detect?
JSF*** XSS bugs are really very difficult to detect because it has a non-standard character set. JSF*** XSS bug stored in the product's description by passing through the eBay's XSS filter. And the malicious code in product page will get executed once when the user's access the product page, right on the eBay store.
Most of the users arrive there because of many reasons:
>> By clicking on actual eBay.com links.
>> Most of them had their guard down.
This JSF*** XSS bug firstly launched on main domain of eBay.
The previous fix of eBay was not sufficient:
Previously when this bug came, eBay refused to patch the issue, but because of pressure from InfoSec community, eBay had released a partial fix which is not that much effective according to the firm Netcraft (a security and monitoring firm). They have observed the real world instances where the eBay visitors have been affected by this bug.
According to the firm Netcraft "in order to create malicious product listening for vehicles, user's accounts have been compromised by the hackers, almost all accounts are of eBay users, and because of having legitimate activities in their profile they are hard to detect,"
Curiously, the crooks employing JSF*** aren't stealing eBay passwords
"Not only is it rather cleverly launched from the legitimate eBay site, and uses randomly-named files that are deleted to evade detection, but it also tries to avoid leaving any evidence in eBay's server logs," Netcraft researchers noted about this most recent campaign that employs JSF***.
Only the email addresses have been stolen by this phishing campaign, not any password. Because through the escrow service, payment link is sent to the user through an email along with the address and they are using the user's interest in the eBay product. Once the customer initiates a payment link, the crooks will keep all the money.