Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number?

I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file:

There were several layers of obfuscation. During the final stage of decoding, I identified that this code writes something to web pages with URLs containing one of the following keywords onepage|checkout|onestep|firecheckout, typically used on checkout pages.

Continue reading Uncommon Radixes Used in Malware Obfuscation at Sucuri Blog.

Via Sucuri.net