We recently uncovered a widespread campaign in which threat actors compromise legitimate websites by injecting heavily obfuscated JavaScript code. These scripts silently redirect visitors to malicious pages delivering malware, exploits, or spam. The attackers use an obfuscation method known as JSF*ck (term redacted for profanity)....