Uncommon Radixes Used in Malware Obfuscation

Uncommon Radixes Used in Malware ObfuscationSome JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number?

I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file:

There were several layers of obfuscation. During the final stage of decoding, I identified that this code writes something to web pages with URLs containing one of the following keywords onepage|checkout|onestep|firecheckout, typically used on checkout pages.

Continue reading Uncommon Radixes Used in Malware Obfuscation at Sucuri Blog.

Source: Scuri check