Malware Developers Increasingly Use V8 JavaScript for Evasion
Researchers from Check Point Research (CPR) discovered a surge in malware using compiled V8 JavaScript to avoid detection. CPR's View8 tool helps analyze hidden malicious code, highlighting the challenge for cybersecurity.
Researchers at Check Point Research (CPR) have identified a rising trend in malware development: the use of compiled V8 JavaScript to evade detection. By leveraging Google's V8 engine to compile JavaScript into low-level bytecode, attackers conceal their code and make static analysis difficult. CPR developed View8, a tool that decompiles V8 bytecode, enabling analysis of previously undetected malicious samples. Examples including ChromeLoader, ransomware strains, and a shellcode loader show the range of malware applying this technique. Because compiled V8 JavaScript bypasses traditional detection methods, it poses a significant challenge to defenders, and the trend is especially concerning because it abuses a widely used technology, letting malware blend in with legitimate applications. Advanced tooling and continuous vigilance are needed to counter these evolving threats.
Related
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
The good, the bad, and the weird (2018)
Trail of Bits delves into "weird machines" in software exploitation: complex code snippets that evade security measures. Techniques such as Hoare triples and dynamic_casts aid in identifying and preventing exploitation, which is crucial in an evolving security landscape.
Over 100K+ Sites Hit by Polyfill.io Supply Chain Attack
A supply chain attack on Polyfill.io affected 100,000+ websites, redirecting mobile users to a betting site. Security measures like link rewriting and integrity checks are advised to mitigate risks in web development.
384k sites pull code from sketchy code library recently bought by Chinese firm
Over 384,000 websites were linked to a code library involved in a supply-chain attack by a Chinese firm. Altered JavaScript code redirected users to inappropriate sites. Industry responses included suspensions and replacements.