Researchers have discovered a "severe vulnerability" that allows attackers to use eBay to distribute malware, and the online auction company has no plans to fix the problem.
eBay users are not permitted to insert JavaScript code in their listings, to prevent scammers from installing malware or phishing programs on your device. However, eBay's filters seem unable to catch JavaScript code generated using JSFuck, which creates working scripts using only six characters, and is able to sneak past the eBay filters.
Since there isn't a fix for this yet, all we can really tell you to do is BE CAREFUL. Don't click on eBay links from unknown or untrusted sources. If you're on an eBay page and it asks you to install something, make sure you do not install it. Scammers will usually try to tempt you with a discount or promotion, but if they ask you to download an app or program to get that discount, you can usually bet that it's bogus.
Scammers could use the information they get from these malicious programs to steal your financial information, hijack your Facebook and Google accounts via their apps, other accounts linked to your device, and spread malware.
The vulnerability was discovered by researchers at Check Point Software back in December. They didn't hear back from eBay until January 16, 2016, which said that it wasn't planning to address the concern, and gave no reasoning for its decision.
So, once again, make sure you're extra careful about what you click on when it comes to eBay. Hopefully the company will wise up and fix this problem sooner rather than later. But until then, remember that—as cliché as it sounds—if a deal seems too good to be true, it probably is.
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
Be the First to Comment
Share Your Thoughts