We’re sure many of you guys have come across various eBay auction pages in the past. Usually these pages have been designed by the seller in such a way that it captures your attention, or at least in a way that highlights some of the key points of the product, how much it is, and sometime whether or not there are freebies thrown in.
However it seems that recently, the folks at Check Point (via ArsTechnica) have discovered a bug in eBay that allows hackers to install malicious code in the page, in which it can then generate a prompt on the page, asking the user to install something in order to get a discount. However obviously it is a ruse, and instead users could end up installing malware.
Using a coding technique called JSFUCK, hackers have found a way around the restrictions that eBay has placed on its pages. According to Check Point, “Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.”
The issue was reported in December 2015, and in a statement Ars received from eBay, “eBay is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.” In the meantime you can see this hack in action in the video above.