Cybercriminals Compromise Official Website of jQuery


HELP NET SECURITY reported on 23rd September, 2014 that jQuery.com, the official website of the renowned cross-platform JavaScript (JS) library of the same name, had been hijacked and was redirecting visitors to a malicious site hosting the RIG exploit kit, which eventually delivered data-stealing malware.

RiskIQ, a risk management software company, reported that jQuery.com was attacked and said that the redirect domain in question, jquery-cdn(.)com, was still live and redirecting visitors. RiskIQ confirmed that it had informed jQuery.com about the attack.

Threatpost.com reported on 23rd September, 2014 quoting James Pleger, Director of Research, as saying "victims were compromised in a drive-by download attack at the jQuery website which was redirecting browsers to the site hosting RIG."

RIG was discovered early this year and, like other exploit kits, it targets vulnerabilities in popular applications like Java, Microsoft's Internet Explorer, Adobe Flash and Silverlight.

Attackers found a weakness in the jQuery website and injected malicious JavaScript that redirects victims. RiskIQ said that it detected malware on compromised machines that steals credentials and other data.

The security firm says that the jQuery library itself doesn't appear to be affected by the attack, although the website was infected, and it advised those who visited the website during the apparent attack to re-image their machines.

SecurityWeek published news on 23rd September, 2014 quoting Pleger as saying "RiskIQ consulted researchers of Dell and determined that the malware which is being served in this particular attack is Andromeda."

Pleger said that the attack affected companies in several sectors like technology, banking and defense. Although the security firm RiskIQ hasn't been able to identify all the victims of this campaign, they have identified all the affected companies and informed them.

RiskIQ observed that it is particularly disturbing to discover information-stealing malware on jQuery.com because of the demographic of jQuery visitors, who are usually web developers and IT systems administrators, including a large contingent working within enterprises.

These individuals have privileged access to backend systems, web properties and other critical infrastructure.

Planted malware that can steal credentials from systems owned by privileged account holders inside companies could allow attackers to silently compromise enterprise systems, similar to what happened in the infamous Target breach.

» SPAMfighter News - 10/3/2014
