v1.7-v8x LiveFilter PRO5 - Ultimate Filtering with Statistics

kaplanspoti

Thank you very much for sharing this module. It’s absolutely incredible and has been incredibly helpful.
 

pdzw1991

Thank you for this module. I will test it and hope it will be good.
 

hoze

Thank you for sharing this module. I will test it.
 

vineonx

The file livefilter.js poses a significant risk and should be considered potentially malicious based on the following findings:


  • It matches multiple MITRE ATT&CK techniques related to credential harvesting, evasion, and remote control.
  • The script uses heavily obfuscated JavaScript, eval, and runtime string manipulation.
  • It monitors user input, interacts with cookies, and performs silent external HTTP requests.
  • It’s capable of injecting or replacing elements in the DOM, potentially redirecting users or leaking information.
  • The network behavior includes unsolicited data exfiltration to unknown servers.

🔐 What You Should Do


  • Immediately remove this script from all environments.
  • Revoke and rotate any exposed API keys or tokens.
  • Audit the server and access logs to identify any exploitation attempts.
  • Replace only with verified scripts from trusted modules/vendors.
Post automatically merged:

It's possible it's a false positive because it analyzed the code and the only thing I see obfuscated in base64 is a .js function that doesn't look like malware.
It's true that PrestaShop is open source, and code transparency is essential when it comes to trusting a module. While some obfuscation techniques can have legitimate uses (like protecting intellectual property), in an e-commerce environment, such practices are a red flag.


In the case of the livefilter.js file:


  • It uses eval, manipulates cookies, and sends external requests containing user data.
  • It contains base64-encoded strings and dynamic string reordering, making manual auditing harder.
  • It matches multiple behaviors described in the MITRE ATT&CK framework, which is commonly used to classify malicious activity.

Even if no direct payload was found during analysis, using this level of obfuscation is unnecessary in a trustworthy module. If there’s nothing to hide, why hide it?


For security reasons, it's strongly recommended to replace any module containing obfuscated code with open and auditable alternatives.
 

Attachments

  • MITRE_Analysis_livefilter_EN.pdf
    3.1 KB
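A first-pass static triage for the behaviours the post above lists (eval, base64-encoded strings, cookie access, input monitoring, external requests, DOM injection), given as an added example that is not part of the original thread and is not derived from livefilter.js. The indicator patterns, the 24-character and three-behaviour thresholds, and the inert `SAMPLE` input are assumptions constructed for illustration; it runs under Node.js.

```javascript
'use strict';
// Added example: static triage for the behaviours listed in the post.
// Patterns, thresholds and SAMPLE are constructed here, not taken from livefilter.js.
const INDICATORS = [
  { id: 'dynamic-eval', re: /\beval\s*\(|\bnew\s+Function\s*\(/g },
  { id: 'base64-decode', re: /\batob\s*\(/g },
  { id: 'cookie-access', re: /\bdocument\s*\.\s*cookie\b/g },
  { id: 'input-monitor', re: /addEventListener\s*\(\s*['"`](?:key\w+|input|change|submit)['"`]/g },
  { id: 'network-egress', re: /\bfetch\s*\(|\bXMLHttpRequest\b|\bsendBeacon\s*\(/g },
  { id: 'dom-injection', re: /\.innerHTML\s*=|\bdocument\s*\.\s*write\s*\(/g },
];
// Quoted runs that look like base64 (24+ characters).
const B64_LITERAL = /['"`]([A-Za-z0-9+/]{24,}={0,2})['"`]/g;

// Decode base64-looking literals so indicators hidden inside them are scanned too.
function decodeLiterals(source) {
  const decoded = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    const text = Buffer.from(m[1], 'base64').toString('latin1');
    const printable = text.replace(/[^\x20-\x7e\s]/g, '').length;
    // Keep only results that are mostly printable text, not binary noise.
    if (text.length > 0 && printable / text.length > 0.9) decoded.push(text);
  }
  return decoded;
}

// Count indicator hits in the raw source (layer 0) and in each decoded literal.
function triage(source) {
  const layers = [source, ...decodeLiterals(source)];
  const hits = {};
  layers.forEach((layer, depth) => {
    for (const { id, re } of INDICATORS) {
      const n = (layer.match(re) || []).length;
      if (n === 0) continue;
      const prev = hits[id] || { count: 0, onlyDecoded: true };
      hits[id] = { count: prev.count + n, onlyDecoded: prev.onlyDecoded && depth > 0 };
    }
  });
  // Three or more distinct behaviours: send the file for manual review.
  return { hits, decodedLiterals: layers.length - 1, review: Object.keys(hits).length >= 3 };
}

// Constructed, inert sample: the encoded literal hides a cookie read and a request.
const hiddenPart = Buffer.from('x = document.cookie; fetch(endpoint)').toString('base64');
const SAMPLE = [
  `var k = "${hiddenPart}";`,
  'eval(atob(k));',
  'searchBox.addEventListener("input", onType);',
].join('\n');

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

A hit marked `onlyDecoded: true` was visible only after decoding a literal, which is the case manual review should look at first; a clean result from pattern matching alone does not clear a file that builds its strings at runtime.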