Tuesday, October 15, 2024
HomeCyber AttackAlmost 25% of Weaponized JavaScript Samples are Obfuscated To Evade Detection

Almost 25% of Weaponized JavaScript Samples are Obfuscated To Evade Detection

Published on

Malware protection

After analyzing more than 10,000 malicious JavaScript samples it’s being concluded by the security analysts of Akamai that about 25% of the examined malicious samples evade detection by using JavaScript obfuscation techniques.

These 10,000 malicious JavaScript samples cover threats like:-

  • Malware droppers
  • Phishing pages
  • Scammers
  • Cryptominers’ malware

This immense portion clearly indicates that how rapidly threat actors are adopting obfuscation techniques to evade detection. But, for malicious purposes, JavaScript obfuscation is not solely used always.

- Advertisement - SIEM as a Service

While Alexa.com has revealed that among 20,000 top-ranked websites there are 0.5% of websites, that contain embedded, obfuscated JavaScript code. But, it doesn’t mean that all these websites are malicious since they use this to keep their web code private from the public.

Packers

When it comes to packers, at that point it’s all about compressing or encrypting code. In short, it’s a method through which the developers compress or encrypt their code to make it unreadable or non-debuggable.

Packers have unique functionality that will be soon presented at the SecTor 2021 conference, by using this feature anyone can detect JavaScript before it’s being obfuscated.

It means if any JavaScript code serves threats such as phishing, malware droppers, or scammers then it could be easily detected by using the unique functionality of Packers.

In the above image, you can see examples in which how the same unique packer functionality is used to detect and obfuscate any malicious JavaScript code.

According to the report, While in the case of 20000 tp-ranked websites, this scenario totally change, since it depicts a different story, as they use obfuscation for legitimate purposes like:-

  • To hide some of their client-side code functionality.
  • Code that was obfuscated by a third-party provider.
  • The obfuscation of sensitive information like email addresses.

In the current era of the threat landscape, the availability of limited resources, and every millisecond counts, perform a critical role. Since there are always ongoing wars between cybercriminals and defensive forces.

Now why it’s getting complicated? It’s getting complicated due to the use of obfuscation for legitimate purposes, and this means that it can’t be always flagged as malicious. 

Though it’s not considered a new technique, the use of JavaScript obfuscation clearly shows that how rapidly threat actors are still adopting this method to evade detection.

In this case, we always have to keep our eyes open and stay aware of such malicious techniques or methods used by the threat actors by monitoring the trends and evaluating the evolution of these types of malicious techniques or methods that are exploited in the wild by the attackers.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

pac4j Java Framework Vulnerable to RCE Attacks

A critical security vulnerability has been discovered in the popular Java framework pac4j. The...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...