About 26% of All Malicious JavaScript Threats Are Obfuscated (bleepingcomputer.com)
Akamai researchers have analyzed 10,000 JavaScript samples including malware droppers, phishing pages, scamming tools, Magecart snippets, cryptominers, etc. At least 26% of them use some form of obfuscation to evade detection, indicating an uptick in the adoption of this basic yet effective technique. BleepingComputer reports: Obfuscation is when easy-to-understand source code is converted into a hard to understand and confusing code that still operates as intended. Threat actors commonly use obfuscation to make it harder to analyze malicious scripts and to bypass security software. Obfuscation can be achieved through various means like the injection of unused code into a script, the splitting and concatenating of the code (breaking it into unconnected chunks), or the use of hexadecimal patterns and tricky overlaps with function and variable naming.
But not all obfuscation is malicious or tricky. As the report explains, about 0.5% of the 20,000 top-ranking websites on the web (according to Alexa), also use obfuscation techniques. As such, detecting malicious code based on the fact that it is obfuscated isn't enough on its own, and further correlation with malicious functionality needs to be made. This mixing with legitimate deployment is precisely what makes the detection of risky code challenging, and the reason why obfuscation is becoming so widespread in the threat landscape.
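The summary's point that obfuscation alone is not a verdict and must be correlated with functionality, sketched as an added example (not code from the post, BleepingComputer or Akamai). The signal names, regexes and thresholds are illustrative assumptions, and the three samples are constructed and only scanned as text.

```javascript
// Added example: heuristic triage only. Signal names, regexes and thresholds are assumptions.
const count = (src, re) => (src.match(re) || []).length;

// Obfuscation indicators named in the summary: hex patterns, split/concatenated strings.
const OBFUSCATION_SIGNALS = {
  hexEscapes: (src) => count(src, /\\x[0-9a-fA-F]{2}/g) >= 8,
  hexIdentifiers: (src) => count(src, /\b_0x[0-9a-fA-F]{3,}\b/g) >= 3,
  splitStrings: (src) => count(src, /(['"])[^'"\n]{0,4}\1\s*\+\s*(?=['"])/g) >= 4,
  longLines: (src) => src.split("\n").some((line) => line.length > 500), // also true for minified code
};

// Functionality indicators to correlate with (a small illustrative set).
const BEHAVIOUR_SIGNALS = {
  dynamicEval: /\beval\s*\(|\bnew\s+Function\s*\(/,
  runtimeDecode: /\batob\s*\(|\bunescape\s*\(|String\.fromCharCode\s*\(/,
  domInjection: /document\.write\s*\(|\.innerHTML\s*=/,
};

function triage(src) {
  const obfuscation = Object.keys(OBFUSCATION_SIGNALS).filter((k) => OBFUSCATION_SIGNALS[k](src));
  const behaviour = Object.keys(BEHAVIOUR_SIGNALS).filter((k) => BEHAVIOUR_SIGNALS[k].test(src));
  let verdict = "no-signal";
  if (obfuscation.length && behaviour.length) verdict = "review"; // correlated: escalate
  else if (obfuscation.length) verdict = "obfuscated-only"; // e.g. minified site code
  else if (behaviour.length) verdict = "behaviour-only";
  return { obfuscation, behaviour, verdict };
}

// Constructed samples (never executed here, only scanned as text).
const SAMPLE_MINIFIED = "function a(b,c){return b+c};".repeat(30);
const SAMPLE_OBFUSCATED = String.raw`var _0x4f2a=['\x68\x65\x6c\x6c\x6f','\x77\x6f\x72\x6c\x64'];` +
  String.raw`var _0x1b3c=_0x4f2a[0];eval('con'+'so'+'le'+'.l'+'og'+'(_0x1b3c)');`;
const SAMPLE_PLAIN = "function add(a, b) {\n  return a + b;\n}\n";

for (const [name, src] of Object.entries({ SAMPLE_MINIFIED, SAMPLE_OBFUSCATED, SAMPLE_PLAIN })) {
  console.log(name, JSON.stringify(triage(src)));
}
```

The minified sample trips an obfuscation signal but is not escalated, which is the false-positive case the summary describes for legitimate sites.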
Almost everyone obfuscates (Score:3)
Except on the Web, it's called minification [wikipedia.org]/
Re:Almost everyone obfuscates (Score:4, Funny)
Re: (Score:2)
Except on the Web, it's called minification [wikipedia.org]/
Interesting. I learned something new today. This is just one obfuscation technique, but still definitely a useful step in a larger obfuscation scheme.
Re: Almost everyone obfuscates (Score:3)
minification
What web sites do to save a few bytes of script that just end up shoveling a 20Mb ad video onto my system.
Re: (Score:2)
I'm just playin' JavaScript. You know we love you
"But not all obfuscation is malicious or tricky" (Score:5, Insightful)
Excuse me. That is malicious. It makes it hard for me to determine what you're running on the computer I own, and at the same time, it's my CPU in a wasteful manner.
yes obfuscate the javascript (Score:1)
In Other Words (Score:2)
Obfuscation is when easy-to-understand source code is converted into a hard to understand and confusing code that still operates as intended.
Normal Javascript.
Because running untrusted code ... (Score:3)
You mean the web being re-invented 3 times and running untrusted code on your local machine isn't safe? What could go wrong! /s
obfuscated like facebook (Score:2)
Someone is /reading/ their served-up Javascript?? (Score:2)
Yeah, I suppose someone out there is...
But like the Halting Problem, does it really matter if there's no generalized defense?
As a young lad, I asked my dad to make my browser Turing Complete.
Now I'm not so sure.
Outreach Needed? (Score:1)
Problem Solved (Score:1)
The problem can be solved by disabling JavaScript and WebASM, which is 100% effective in preventing malicious code from executing. It does not matter whether the code is obfuscated or not.
Only 26%? (Score:3)
What self-respecting JavaScript malware author is releasing un-obfuscated malware?
Particularly even when "legit" JavaScript is usually always minified and crunched, which is a form of obfuscation anyway.