Cyber attack where malicious code was inserted into 51,000 different websites

There was a cyber attack where malicious code was inserted into 51,000 different websites through JavaScript. 

The malicious JavaScript injection campaign has affected more than 51,000 websites from 2022 to early 2023. The malware authors used obfuscation and multistep injections to redirect victims to malicious web pages. The campaign has potentially affected a large number of internet users, including those who visit websites that ranked in the Tranco top 1 million websites. To prevent such attacks, website owners and customers are recommended to keep their third-party plugins and software up to date.

The Innocent Until Proven Guilty (IUPG) deep learning model detected multiple variants of the malicious JS code by isolating malicious subpatterns in a benign content background. The IUPG model is part of the Advanced URL Filtering cloud-delivered security service, which detects and classifies malicious content from offline crawlers and inline, real-time analysis of traffic on the firewall.

Customers who use Advanced URL Filtering and DNS Security subscriptions are protected against the known URLs and hostnames of the malicious JS injection campaign. A link to known indicators of compromise is also provided to help combat the threats discussed in this post.

Source: Researcher of unit42.