Those codes run with the opening of the page on either a mobile or a desktop browser. Some users had received an eBay link and were then prompted to install a malware masquerading as a "discount app" upon viewing the item's details.
Check Point Software said in a blog post, that eBay had been notified about the flaw back in December, the company, however, said it did not have plans to fix the vulnerability. eBay told Ars Technica, however, that it had been in touch with Check Point Software and that it had "implemented various security filters" on the basis of its findings. eBay further added that it had not detected any fraudulent activity that took advantage of the bug yet.
''Since we allow active content on our site it's important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace.