26% of JavaScript malware is invisible to antivirus software

According to computer security researchers at Akamai, a lot of malware written in JavaScript is masked using a technique called obfuscation. The principle is simple: add excessively complex code to complicate the task of security software and to make it difficult to detect malicious scripts.

Credit: Unsplash

While researchers have just developed an algorithm that can become a credit card PIN code, Akamai computer security experts are warning users of a whole different threat this time around. Indeed, they have just published a dedicated study malware written in JavaScript.

On a sample of more than 10,000 malware, the researchers concluded that 26% of them were masked, using obfuscation techniques. To sum up, the obfuscation consists of converting easy to understand source code into difficult and complex code, but still works as expected.

Let us admit, an application or a software based on a simple formula of the type A + B = C could be transformed into a succession of complex mathematical formulas, which whatever happens will give C, but in a much more convoluted way. The purpose of the maneuver is simple: muddling the waters and complicating the task of security software and making it more difficult to detect malicious scripts.

Read also: Twitch – source code, passwords, remuneration of streamers, everything leaked!

Malware written in JavaScript knows how to stay hidden

There are various ways to achieve obfuscation, such as injecting unused code into the script, splitting and concatenating the code (breaking it into unrelated chunks), or using hexadecimal patterns. As Akamai researchers point out, it’s worrying to see so much malware adopting obfuscation to evade detection. It must be said that the technique remains basic, but effective.

Read Also:  Automating Reporting And Analytics Processes

The researchers nevertheless wish to recall that not all obfuscation techniques are malicious, on the contrary. In fact, about 0.5% of the 20,000 top-ranked websites on the web use these techniques to protect themselves against piracy. They allow in particular to drown hackers with hundreds of lines of code slipped into computer programs. Here again, the goal is to hide the information behind a multitude of unnecessary lines of code, and by extension to deter and slow down hackers.

Source: Bleeding Computer




Recent Articles

Related News

Leave A Reply

Please enter your comment!
Please enter your name here