I recently was trying to access a website and recieved this error:
JS:CardStealer-CN [Trj]
I have the free version of Avast running on my laptop [ASUS dino from 2012]
Was wondering if this is a problem with my computer or browser, or if it was the website?
(wxw.wishtrend.com)
Obviously worrisome since the threat detected says card stealer.
I am not great with tech or really know what this message is indicating, so was hoping someone could help.
Was wondering if this is a problem with my computer or browser, or if it was the website?That depends what the message from avast say, all info on that message but (JS:CardStealer) java scripts is usually related to a website
screenshots say more than thousand words
I got help to provide a screenshot, as I wasn’t sure how to before.
[& it’s been awhile since myspace ::)]
Hopefully, this would help in knowing how to move forward.
https://i.ibb.co/HdFL0G1/threat-on-wishtrend-cropped.png
I also ran a scan since I last posted, and it informed me of NO MALWARE on my system. (using free avast)
So I’m guessing it was something on the sites end. (?)
That site you have visited has outdated software and therefore a risk to visit,
as it can be easily compromised.
See: https://sitecheck.sucuri.net/results/www.wishtrend.com
Nothing given here: https://www.virustotal.com/gui/ip-address/18.144.59.222/relations
When something it is Amazon-02 abuse.
Outdated Word Press version: WordPress Version 5.1.1
Could have been hacked through: Plugin Update Status About
woocommerce 3.6.5 Warning latest release (4.7.1)
https://woocommerce.com/
Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
Path Tested Status
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Link found to -https://www.pinterest.co.kr/ blocked links to -(s)pinimig.com
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Hello,
the page is infected with card skimmer. The script from the attached image loads malicious JS.
Milos