JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript

A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code.

Dubbed “JSFireTruck,” this obfuscation technique enables cybercriminals to quietly redirect unsuspecting visitors to malicious sites capable of delivering malware, executing exploits, and serving unwanted advertisements.

The campaign, detected across over 200,000 webpages in just one month, underscores the evolving tactics used by attackers to exploit trusted domains for nefarious purposes.

At the heart of this campaign is the use of a programming style known as JSFireTruck (a sanitized nickname for a similarly named method containing profanity).

This technique relies on type coercion and utilizes only a handful of characters, primarily.

[, ], (, ), !, and +—to construct executable JavaScript in a form that’s highly challenging to security analysts to decipher at first glance.

By leveraging the JavaScript interpreter’s ability to convert between ...