Add to Favourites
To login click here
Unit 42 researchers have discovered a malicious JavaScript (JS) injection campaign that has been active since 2022 and continues to infect websites in 2023. The campaign has been detected on more than 51,000 websites, including hundreds of websites in Tranco’s top 1 million website ranking list. The threat is multifaceted, using obfuscation and benign append attacks to bypass detections and inject multiple variants of malicious JS code samples into the websites. Our novel adversarial deep learning technique, Innocent Until Proven Guilty (IUPG), detected multiple variants of the injected JS code.