js/spy.banker.iz on checkout page (false positive?)

[BigNigel 0]

Hi all,

My company is ready to move forward with a digital agency - and when landing on their signup page to enter my billing information, I'm met with the attached screen.

They've advised it's a false positive, but I'd appreciate it if you investigate further.

The main webpage https://www.hubsnacks.com/pricing seems to be fine.

It's when you progress to the basket and checkout pages.

If it is a genuine positive, could you pinpoint where the bad code is so I can highlight it to the person I'm dealing with please?

Thanks in advance,

Nigel

 

 

Edited November 9, 2022 by Marcos
Links removed

[Marcos 4,909]

The detection is correct. Searching for "var _0x174c56=_0x3e37;" should help you locate the malicious JavaScript.

[BigNigel 0]

Thank you Marcos,

I've located that particular section. Forgive me, but it is that entire block of code or a specific line?

I'm trying to be as precise as possible with my messages to them 😤

Nigel

[Marcos 4,909]

The whole JS bounded by the script tag should be removed.

[BigNigel 0]

Gotcha!

Thank you for the speedy response, Marcos!

Nigel

[BigNigel 0]

Hi @Marcos,

The sales guy I'm speaking to says they've updated their site to remove any malicious code.

Are you able to re-test and see if it's negative now? I'm not ready to enter my billing info until I'm fully confident.

Thanks for your help.

 

Nigel

[Marcos 4,909]

I didn't get any alert now after proceeding to checkout so the malware seems to have been removed indeed.

[BigNigel 0]

Thanks again, @Marcos

 

Nige