Weaponized Google OAuth Triggers Malicious WebSocket
a year ago
- #client-side-attack
- #Magento
- #cybersecurity
- A clever client-side attack on a Magento-based eCommerce website was analyzed.
- The attack uses a seemingly legitimate Google OAuth URL to deliver and execute malicious JavaScript.
- The script dynamically creates a WebSocket connection to an attacker-controlled domain.
- The payload executes conditionally, targeting checkout pages or automated browsers.
- The attack bypasses common security measures like CSP and DNS filters.
- The technique combines OAuth misdirection with conditionally triggered live control.
- c/side's product successfully identified and blocked the attack by analyzing the script payload before execution.