Tuesday, March 19, 2024

Almost 25% of Weaponized JavaScript Samples are Obfuscated To Evade Detection

After analyzing more than 10,000 malicious JavaScript samples it’s being concluded by the security analysts of Akamai that about 25% of the examined malicious samples evade detection by using JavaScript obfuscation techniques.

These 10,000 malicious JavaScript samples cover threats like:-

  • Malware droppers
  • Phishing pages
  • Scammers
  • Cryptominers’ malware

This immense portion clearly indicates that how rapidly threat actors are adopting obfuscation techniques to evade detection. But, for malicious purposes, JavaScript obfuscation is not solely used always.

While Alexa.com has revealed that among 20,000 top-ranked websites there are 0.5% of websites, that contain embedded, obfuscated JavaScript code. But, it doesn’t mean that all these websites are malicious since they use this to keep their web code private from the public.

Packers

When it comes to packers, at that point it’s all about compressing or encrypting code. In short, it’s a method through which the developers compress or encrypt their code to make it unreadable or non-debuggable.

Packers have unique functionality that will be soon presented at the SecTor 2021 conference, by using this feature anyone can detect JavaScript before it’s being obfuscated.

It means if any JavaScript code serves threats such as phishing, malware droppers, or scammers then it could be easily detected by using the unique functionality of Packers.

In the above image, you can see examples in which how the same unique packer functionality is used to detect and obfuscate any malicious JavaScript code.

According to the report, While in the case of 20000 tp-ranked websites, this scenario totally change, since it depicts a different story, as they use obfuscation for legitimate purposes like:-

  • To hide some of their client-side code functionality.
  • Code that was obfuscated by a third-party provider.
  • The obfuscation of sensitive information like email addresses.

In the current era of the threat landscape, the availability of limited resources, and every millisecond counts, perform a critical role. Since there are always ongoing wars between cybercriminals and defensive forces.

Now why it’s getting complicated? It’s getting complicated due to the use of obfuscation for legitimate purposes, and this means that it can’t be always flagged as malicious. 

Though it’s not considered a new technique, the use of JavaScript obfuscation clearly shows that how rapidly threat actors are still adopting this method to evade detection.

In this case, we always have to keep our eyes open and stay aware of such malicious techniques or methods used by the threat actors by monitoring the trends and evaluating the evolution of these types of malicious techniques or methods that are exploited in the wild by the attackers.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Website

Latest articles

CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence

AhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in...

E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old...

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...

Researchers Hack AI Assistants Using ASCII Art

Large language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts...

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles