After analyzing more than 10,000 malicious JavaScript samples it’s being concluded by the security analysts of Akamai that about 25% of the examined malicious samples evade detection by using JavaScript obfuscation techniques.
These 10,000 malicious JavaScript samples cover threats like:-
- Malware droppers
- Phishing pages
- Scammers
- Cryptominers’ malware
This immense portion clearly indicates that how rapidly threat actors are adopting obfuscation techniques to evade detection. But, for malicious purposes, JavaScript obfuscation is not solely used always.
While Alexa.com has revealed that among 20,000 top-ranked websites there are 0.5% of websites, that contain embedded, obfuscated JavaScript code. But, it doesn’t mean that all these websites are malicious since they use this to keep their web code private from the public.
Packers
When it comes to packers, at that point it’s all about compressing or encrypting code. In short, it’s a method through which the developers compress or encrypt their code to make it unreadable or non-debuggable.
Packers have unique functionality that will be soon presented at the SecTor 2021 conference, by using this feature anyone can detect JavaScript before it’s being obfuscated.
It means if any JavaScript code serves threats such as phishing, malware droppers, or scammers then it could be easily detected by using the unique functionality of Packers.
In the above image, you can see examples in which how the same unique packer functionality is used to detect and obfuscate any malicious JavaScript code.
According to the report, While in the case of 20000 tp-ranked websites, this scenario totally change, since it depicts a different story, as they use obfuscation for legitimate purposes like:-
- To hide some of their client-side code functionality.
- Code that was obfuscated by a third-party provider.
- The obfuscation of sensitive information like email addresses.
In the current era of the threat landscape, the availability of limited resources, and every millisecond counts, perform a critical role. Since there are always ongoing wars between cybercriminals and defensive forces.
Now why it’s getting complicated? It’s getting complicated due to the use of obfuscation for legitimate purposes, and this means that it can’t be always flagged as malicious.
Though it’s not considered a new technique, the use of JavaScript obfuscation clearly shows that how rapidly threat actors are still adopting this method to evade detection.
In this case, we always have to keep our eyes open and stay aware of such malicious techniques or methods used by the threat actors by monitoring the trends and evaluating the evolution of these types of malicious techniques or methods that are exploited in the wild by the attackers.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.