Friday, May 9, 2025

Almost 25% of Weaponized JavaScript Samples are Obfuscated To Evade Detection

After analyzing more than 10,000 malicious JavaScript samples, security analysts at Akamai concluded that about 25% of the examined malicious samples evade detection by using JavaScript obfuscation techniques.

These 10,000 malicious JavaScript samples cover threats such as:

  • Malware droppers
  • Phishing pages
  • Scammers
  • Cryptominers’ malware

This large share clearly indicates how rapidly threat actors are adopting obfuscation techniques to evade detection. However, JavaScript obfuscation is not used solely for malicious purposes.

Alexa.com has revealed that 0.5% of the 20,000 top-ranked websites contain embedded, obfuscated JavaScript code. That does not mean all of these websites are malicious, since they use obfuscation to keep their web code private from the public.

Packers

Packers compress or encrypt code. In short, developers use them to compress or encrypt their code so that it is unreadable or non-debuggable.

Packers have unique functionality, which will soon be presented at the SecTor 2021 conference; by using this feature, anyone can detect JavaScript before it is obfuscated.

This means that JavaScript code serving threats such as phishing, malware droppers, or scammers can be easily detected by using the unique functionality of packers.

In the above image, you can see examples of how the same unique packer functionality is used to detect and obfuscate malicious JavaScript code.

According to the report, the picture changes completely for the 20,000 top-ranked websites, which use obfuscation for legitimate purposes such as:

  • To hide some of their client-side code functionality.
  • Code that was obfuscated by a third-party provider.
  • The obfuscation of sensitive information like email addresses.

In the current threat landscape, limited resources and the fact that every millisecond counts play a critical role, since there is an ongoing war between cybercriminals and defenders.

Why is this getting complicated? Because obfuscation is also used for legitimate purposes, it can't always be flagged as malicious.
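
As an added illustration (not taken from Akamai's report or from this article), the sketch below scores a script on traits left by the packer itself rather than on the payload, as the Packers section describes, and reports "packed" instead of "malicious" because legitimate sites pack code too. The trait patterns, weights, threshold and both samples are constructed assumptions.

```javascript
// Added example (not Akamai's detector): flag packer traits in a JavaScript
// sample without executing it. Feature patterns, weights and the threshold
// are illustrative assumptions.
const FEATURES = [
  // eval() applied directly to a function expression or a decoder call
  { name: "eval-bootstrap", weight: 2,
    test: s => /\beval\s*\(\s*(?:function\s*\(|unescape\s*\(|atob\s*\()/.test(s) },
  // argument list left behind by the widely used p,a,c,k,e,d packer
  { name: "packed-signature", weight: 2,
    test: s => /function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,/.test(s) },
  // a string literal split inline into a word dictionary
  { name: "inline-dictionary", weight: 1,
    test: s => /['"]\s*\.split\s*\(/.test(s) },
  // source rebuilt at run time with RegExp-driven replace()
  { name: "regex-rebuild", weight: 1,
    test: s => /\.replace\s*\(\s*new\s+RegExp\s*\(/.test(s) },
  // almost no whitespace: under 5% of all characters
  { name: "dense-source", weight: 1,
    test: s => s.length > 0 && (s.match(/\s/g) || []).length / s.length < 0.05 },
];

const THRESHOLD = 3; // assumed cut-off: one weak trait alone never flags

function inspectScript(source) {
  const hits = FEATURES.filter(f => f.test(source));
  const score = hits.reduce((sum, f) => sum + f.weight, 0);
  // "packed" describes how the code is wrapped, not whether it is malicious.
  return { packed: score >= THRESHOLD, score, traits: hits.map(f => f.name) };
}

// Constructed sample: harmless payload wrapped in a p,a,c,k,e,d-style loader.
const PACKED_SAMPLE = String.raw`eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c+'\\b','g'),k[c]);return p}('0.1("2");',3,3,'console|log|hi'.split('|')))`;

// Constructed sample: ordinary readable code that also calls split().
const PLAIN_SAMPLE = `function greet(name) {
  const parts = name.split(" ");
  console.log("hi " + parts[0]);
}
greet("Ada Lovelace");`;

console.log(inspectScript(PACKED_SAMPLE));
console.log(inspectScript(PLAIN_SAMPLE));
```

A "packed" result is a reason to route the script to deeper analysis, not a verdict on its intent.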

Although it is not a new technique, the use of JavaScript obfuscation clearly shows how rapidly threat actors are still adopting this method to evade detection.

We therefore have to stay aware of the techniques threat actors use, by monitoring trends and evaluating how the methods exploited in the wild evolve.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
