v1.7-v8x LiveFilter PRO5 - Ultimate Filtering with Statistics

kaplanspoti

Thank you very much for sharing this module. It’s absolutely incredible and has been incredibly helpful.

pdzw1991

Thank you for this module. I will test it and hope it will be good.
 

vineonx

The file livefilter.js poses a significant risk and should be considered potentially malicious based on the following findings:


  • It matches multiple MITRE ATT&CK techniques related to credential harvesting, evasion, and remote control.
  • The script uses heavily obfuscated JavaScript, eval, and runtime string manipulation.
  • It monitors user input, interacts with cookies, and performs silent external HTTP requests.
  • It’s capable of injecting or replacing elements in the DOM, potentially redirecting users or leaking information.
  • The network behavior includes unsolicited data exfiltration to unknown servers.

🔐 What You Should Do


  • Immediately remove this script from all environments.
  • Revoke and rotate any exposed API keys or tokens.
  • Audit the server and access logs to identify any exploitation attempts.
  • Replace only with verified scripts from trusted modules/vendors.
Post automatically merged:

It's possible it's a false positive because it analyzed the code and the only thing I see obfuscated in base64 is a .js function that doesn't look like malware.

It's true that PrestaShop is open source, and code transparency is essential when it comes to trusting a module. While some obfuscation techniques can have legitimate uses (like protecting intellectual property), in an e-commerce environment, such practices are a red flag.


In the case of the livefilter.js file:


  • It uses eval, manipulates cookies, and sends external requests containing user data.
  • It contains base64-encoded strings and dynamic string reordering, making manual auditing harder.
  • It matches multiple behaviors described in the MITRE ATT&CK framework, which is commonly used to classify malicious activity.

Even if no direct payload was found during analysis, using this level of obfuscation is unnecessary in a trustworthy module. If there’s nothing to hide, why hide it?


For security reasons, it's strongly recommended to replace any module containing obfuscated code with open and auditable alternatives.
 

Attachments

  • MITRE_Analysis_livefilter_EN.pdf
    3.1 KB · Views: 0
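
A static triage pass for the indicators listed in the post above (eval, cookie access, base64 strings, external requests, DOM injection, input monitoring), as an added example that is not part of the thread or of the module. The regex patterns, the function names and the sample input are constructed assumptions; it runs under Node.js.

```javascript
// Added example: static triage of a storefront script for the indicators
// named in the post. Patterns and sample input are constructed assumptions.
const INDICATORS = {
  dynamicEval: /\beval\s*\(|\bnew\s+Function\s*\(/,
  cookieAccess: /\bdocument\s*\.\s*cookie\b/,
  base64Decode: /\batob\s*\(/,
  networkCall: /\bfetch\s*\(|\bXMLHttpRequest\b|\bnavigator\s*\.\s*sendBeacon\s*\(/,
  domInjection: /\.innerHTML\s*=|\bdocument\s*\.\s*write\s*\(|\.appendChild\s*\(/,
  inputListener: /addEventListener\s*\(\s*['"](?:keydown|keyup|keypress|input|change)['"]/,
};

// String literals that look like base64 (16+ characters) are decoded for review.
const B64_LITERAL = /['"]([A-Za-z0-9+/]{16,}={0,2})['"]/g;

function decodeCandidates(source) {
  const out = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    if (m[1].length % 4 !== 0) continue;
    const text = Buffer.from(m[1], 'base64').toString('latin1');
    // Keep only printable decodings, which filters out accidental matches.
    if (/^[\x20-\x7e\r\n\t]+$/.test(text)) out.push(text);
  }
  return out;
}

function triage(source) {
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(source));
  const decoded = decodeCandidates(source);
  // Re-scan decoded strings: indicators hidden behind base64 count too.
  const hidden = Object.keys(INDICATORS).filter(
    (k) => !hits.includes(k) && decoded.some((d) => INDICATORS[k].test(d)));
  const urls = [...new Set([source, ...decoded].flatMap(
    (s) => s.match(/https?:\/\/[^\s'"\\)]+/g) || []))];
  return { hits, hidden, decoded, urls };
}

// Constructed sample, not taken from livefilter.js.
const SAMPLE = `
var q = document.getElementById('lf-search');
q.addEventListener('input', function () { render(q.value); });
var s = atob('ZmV0Y2goImh0dHBzOi8vY2RuLmV4YW1wbGUudGVzdC9zdGF0cyIp');
eval(s);
`;

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

A hit only marks the file for manual review of the decoded strings and listed URLs; it does not settle whether the script is malicious.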