jQuery Site Reroutes Systems Administrators to Malware
Web Services
A toolkit used by developers of an estimated 70 percent of the 10,000 most popular websites was infected with code that can steal information from visitors’ computers, or, in this case, from web systems developers.
Developers rely on the JavaScript library jQuery (jquery.com) for dynamic content.
Its website has been compromised in a way that “is particularly disconcerting because of the demographic of jQuery users,” reports RiskIQ, which discovered the breach. “Typically, these individuals have privileged access to web properties, backend systems and other critical infrastructure. Planting malware capable of stealing credentials on devices owned by privilege accounts holders inside companies could allow attackers to silently compromise enterprise systems, similar to what happened in the infamous Target breach.”
Security researchers have no evidence the jQuery library itself has been corrupted.