According to Jscrambler, webmasters frequently keep outdated files like these on their websites because, the security firm says, they lack an understanding of third-party code. Threat actors may exploit dead links that are still retained in libraries. Security teams frequently lack access to the third-party code that is running on their websites, making it impossible for them to determine if it is compromised. In this instance, the hackers got hold of the domain name that had previously hosted the library and used it to serve a skimming script from the same URL. The compromise of the websites resulted from the domain being re-registered and reconfigured.
They purchased the domain name that was used to host the library and used it to deliver a web-skimming script at the same URL. Over 40 e-commerce websites were compromised by attackers who were able to deploy malicious code by re-registering the expired domain.
The vendor claimed that failing to take down outdated libraries like these from websites frequently results in vulnerable dead links, and it blamed poor security procedures and a lack of understanding of third-party code.
According to Jscrambler, “the majority of security teams don’t have access into this third-party code that is running on their website. They don’t know if it’s functioning as it should or improperly — whether mistakenly or deliberately.”
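As an added illustration (not code from Jscrambler or the affected sites), the following audit lists the third-party hosts a page loads scripts from and flags those whose domain no longer resolves or that are loaded without a Subresource Integrity hash, which would make the browser reject a swapped file. The hostnames, the sample page and the `audit_scripts` helper are constructed for this example.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))

def dns_resolves(host):
    """Live check: False when the name no longer resolves."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False

def audit_scripts(html, site_host, resolves=dns_resolves):
    """Return {host: [issues]} for third-party script hosts on a page."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname  # None for relative (first-party) paths
        if host is None or host == site_host or host.endswith("." + site_host):
            continue
        issues = findings.setdefault(host, [])
        if not integrity and "no-sri" not in issues:
            issues.append("no-sri")        # a swapped file would load unchecked
        if not resolves(host) and "dead-domain" not in issues:
            issues.append("dead-domain")   # name may be open to re-registration
    return findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE_HTML = """
<script src="/js/app.js"></script>
<script src="https://static.shop.example/cart.js"></script>
<script src="https://cdn.vendor.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//old-widgets.example/tracker.js"></script>
"""

if __name__ == "__main__":
    live = {"cdn.vendor.example"}  # constructed resolver data, no network used
    for host, issues in audit_scripts(SAMPLE_HTML, "shop.example", live.__contains__).items():
        print(host, issues)
```

Any host reported with `dead-domain` is a script reference to remove from the page; hosts with only `no-sri` are candidates for pinning with an `integrity` attribute or self-hosting.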