generic_javascript_obfuscation in ynet.co.il

On 2019-06-09T08:53:22.363495+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://ynet.co.il/

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b"'mainWeatherSelectText'" … b"'mainAccessibilityButton'" … b"'MarketingCarousel1024'" … b"'/food/article/HJOZoROAE'" … b"'/food/article/HJOZoROAE'" … b"'/vacation/article/rJ9vmkuCN'" … b'"/Ext/Comp/Video/NewV\'' … b'"LightBoxArticlePlayer"' … b'"LightBoxArticlePlayer"' … b"'myNetBottomSlideToLft'" … b'"unipointer/unipointer"' … b'"unidragger/unidragger"' … b'"unipointer/unipointer"' … b'"unidragger/unidragger"' … b'"unipointer/unipointer"' … b"'ExternalWebpageIframeResp'" … b"'ExternalWebpageIframeResp'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!