By: ThreatLabz

Rajasthan State Marketing Site Infected With Malicious Code

Compromise

India’s Rajasthan State Co-operative Marketing Federation Ltd (http://rajfed.gov.in/) has been infected with a malicious script tag. This government site promotes the objectives of procuring agricultural produce from farmers through the member societies on support prices declared by the Govt. of India. Here is the home page of this site:

The malicious script has been injected at the bottom of this page. Here is the screenshot of source page,
 
Below, you can see a decoded version of the script using Malzilla.
 
The decoded script tag leads to JavaScript from “hxxp://cs.cskick.cn/cs/sc.js”. Currently, this malicious site is down. A quick Google search for this domain shows that it has been involved with malicious activity in the past. Trend Micro has issued a report for a separate threat hosted at that same domain.

Umesh

Learn more about Zscaler.