Comments by: Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group
Each programming language has its own paradigms for how code is executed, and for languages like JavaScript, all that’s required is the file. This means that if anyone is able to replace a legitimate version of a file, such as the jQuery Migrate plugin, then they are able to attack anyone who executes the code in the file.
Since a normal visitor to a website really can’t determine legitimate from malicious, it’s up to the website operator to have rigorous controls in place to ensure that what they are running is what should be running. In other words, are the files present on the web server trusted? Assuming all files are vetted and start out in a trusted state, if at any point someone or something can modify a file, then that’s also a point when an attacker could compromise the file.
Defending against such an attack requires both a vetting and verification process up-front as well as a threat model for the lifecycle of each file.