JQuery.com, the official website of the popular javascript library JQuery(used by nearly 70% of top 10,000 websites), had reportedly been compromised and had served credential stealing malware.
RiskIQ announced that they had detected a malicious script in jquery.com that redirects visitors to a website hosting the RIG Exploit kit.
The redirector domain(jquery-cdn[dot]com) used in this attack has been registered on September 18, the same day on which the attack was detected by RiskIQ. RiskIQ believes that this domain was intended specifically to blend into the website.
The good news is that RiskIQ found no indication suggesting that the JQuery library itself has been affected. Otherwise, many additional websites using the JQuery CDN to load the JQuery library would also have been affected.
The people at JQuery.com says they found no logs or evidence that their server was compromised.
"So far the investigation has been unable to reproduce or confirm that our servers were compromised. We have not been notified by any other security firm or users of jquery.com confirming a compromise." JQuery.com blog post reads.