I just purchased an HTML site template. Before buying, I read the comments and saw that one person asked why his site was getting a malware alert that traces to a js file in the template. He later came back and said he updated a file and the problem was fixed. The author said it was fixed so I took a chance, but decided to be careful.
Once I purchased the template I ran a virus scan and it was fine. Then I ran a search for base64 code (as this is a common way to embed malware in sites) and found that several files had base64. When I checked the files it was obvious that this code was just placed in and had nothing to do with the css on the page. One file was more subtle but contained a link that Google showed several porn/spam videos/images for. Obviously, I did not open any of them, just saw them on the SERRP page.
I left a comment for the author but was hoping someone here might have an idea of why this code is in a template. Is there a legit use for base64? I dont want to press a panic button but am very concerned and dont know a lot about base64.
Thanks for any insight - this is not my area of expertise!
Edited to Add: I should have mentioned that I am aware that some images are converted to base64 to make them lighter. My concern is large chunks of base64 dropped into a stylesheet or js file that do not seem to have any connection to the rest of the code there.