Researchers have discovered a "severe vulnerability" that allows attackers to use eBay to distribute malware, and the online auction company has no plans to fix the problem.
eBay users are not permitted to insert JavaScript code in their listings, to prevent scammers from installing malware or phishing programs on your device. However, eBay's filters seem unable to catch JavaScript code generated using JSFuck, which creates working scripts using only six characters, and is able to sneak past the eBay filters.
Since there isn't a fix for this yet, all we can really tell you to do is BE CAREFUL. Don't click on eBay links from unknown or untrusted sources. If you're on an eBay page and it asks you to install something, make sure you do not install it. Scammers will usually try to tempt you with a discount or promotion, but if they ask you to download an app or program to get that discount, you can usually bet that it's bogus.
Scammers could use the information they get from these malicious programs to steal your financial information, hijack your Facebook and Google accounts via their apps, other accounts linked to your device, and spread malware.
Malicious programs on eBay will disguise themselves as a download for an app to receive discounts.
The vulnerability was discovered by researchers at Check Point Software back in December. They didn't hear back from eBay until January 16, 2016, which said that it wasn't planning to address the concern, and gave no reasoning for its decision.
So, once again, make sure you're extra careful about what you click on when it comes to eBay. Hopefully the company will wise up and fix this problem sooner rather than later. But until then, remember that—as cliché as it sounds—if a deal seems too good to be true, it probably is.
Cover image (original) via Mattia Luigi Nappi/Wikimedia Commons
Comments
Be the first, drop a comment!