Cybercriminals compromised the free HTML5 video player Video.js

Sep 19, 2013 14:08 GMT

FireEye was recently notified that its careers website was serving a drive-by download exploit. After analyzing the incident, researchers determined that the malicious code was hosted on the systems of a third-party advertiser that was linked via one of FireEye’s third-party web services.

The attackers have apparently compromised the free HTML5 video player Video.js. In a blog post, Video.js developers explained that certain versions of the player being served from their content delivery network were modified by cybercriminals.

The attackers added malicious code designed to install malware on Windows and Mac machines that loaded the video.js file.

According to FireEye, this wasn’t a watering hole attack and it was not targeted. The incident appears to be part of the Darkleech malware campaign designed to distribute a variant of the Reveton ransomware.

Security expert Dancho Danchev provides more technical details on the attack.