
A quarter of all malicious JavaScript is obfuscated

Hackers using concealed packers to avoid detection


Hackers obfuscate over 25% of malicious JavaScript code to avoid detection, new research has found.

Analysis of 10,000 malicious JavaScript samples, representing threats such as malware droppers, phishing pages, scammers, and cryptominers, revealed that at least 25% of the examined samples used JavaScript obfuscation techniques to evade detection, according to security researchers at Akamai.

Obfuscation makes code harder for humans to understand, but it makes no difference to the machine, which runs the code as normal.

Researchers said this significant percentage of files indicates continued adoption of obfuscation techniques by cyber criminals that want to stay under the radar.

Hackers use packers to compress and encrypt code to prevent detection, yet the resulting obfuscated samples appear similar. This is because the same packers are used, which gives the code a similar structure even when its function differs.

Researchers gave an example of four pieces of JavaScript code — two phishing samples, one malware dropper, and one Magecart scammer — with the same structure and executing the same obfuscation functionality.

“These four examples are the output of the same unique packer functionality being used to obfuscate any given JavaScript code,” said researchers.

By profiling packers and their functionality, researchers said they could evaluate 30,000 benign and malicious JavaScript files and see that at least 25% of the malicious files used one of five profiled packer functionalities.
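The observation that one packer gives unrelated scripts the same structure can be illustrated with a structural fingerprint. The following is an added example, not code from the article or from Akamai's research, whose actual profiling method the article does not describe; the toy wrapper, the sample scripts and all function names are constructed for illustration.

```python
import hashlib
import re

# JavaScript keywords are kept verbatim; they carry the structure a packer emits.
KEYWORDS = {"var", "let", "const", "function", "return", "if", "else",
            "for", "while", "new", "typeof", "try", "catch", "throw"}
# Simplified tokenizer: regex literals and template strings are not handled.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+|//[^\n]*|/\*.*?\*/)
  | (?P<str>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<num>0[xX][0-9a-fA-F]+|\d+(?:\.\d+)?)
  | (?P<id>[A-Za-z_$][\w$]*)
  | (?P<punct>.)
""", re.VERBOSE | re.DOTALL)

def skeleton(js):
    """Token stream with names and literals replaced by placeholders."""
    out = []
    for m in TOKEN_RE.finditer(js):
        kind, text = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind == "id":
            out.append(text if text in KEYWORDS else "ID")
        else:
            out.append({"str": "STR", "num": "NUM"}.get(kind, text))
    return out

def fingerprint(js):
    """Exact structural hash: equal when only names and literals differ."""
    return hashlib.sha256(" ".join(skeleton(js)).encode()).hexdigest()[:16]

def similarity(js_a, js_b, n=4):
    """Jaccard similarity of token n-grams; tolerates differing payload sizes."""
    def grams(js):
        t = skeleton(js)
        return {tuple(t[i:i + n]) for i in range(len(t) - n + 1)}
    a, b = grams(js_a), grams(js_b)
    return len(a & b) / len(a | b) if a | b else 0.0

# Constructed samples: two outputs of one toy wrapper, plus hand-written code.
PACKED_A = ('var _0x3f2a=["aGVsbG8=","d29ybGQ="];(function(_0x1b,_0x2c){var _0x4d='
            'function(_0x5e){return atob(_0x1b[_0x5e-0x10]);};'
            'document.title=_0x4d(0x10)+_0x4d(0x11);})(_0x3f2a,0x2);')
PACKED_B = ('var _0x9c41=["Zm9v","YmFy","YmF6"];(function(_0xaa,_0xbb){var _0xcc='
            'function(_0xdd){return atob(_0xaa[_0xdd-0x20]);};'
            'console.log(_0xcc(0x20)+_0xcc(0x22));})(_0x9c41,0x3);')
PLAIN = ('function greet(name){ if(!name){ name="world"; } '
         'return "hello "+name; }\ndocument.title=greet("reader");')
```

The two wrapped samples score high against each other and low against the hand-written script, even though their names, payloads and final actions differ. A high score identifies the packer only, not intent, which is why the article's later point about additional indicators still applies.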


While many obfuscated code samples appeared to be malicious, the report said 0.5% of the 20,000 top-ranking websites on the web were also using obfuscation techniques.

The researchers found that legitimate websites use obfuscation for various reasons. Some use it to conceal their client-side code functionality, while others have code that a third-party provider obfuscated. Some also use it to protect sensitive information, like email addresses.

Researchers said this evidence sheds more light on the challenges of detecting malicious JavaScript. It shows that obfuscation alone is not enough to indicate the presence of malicious code.

“The approach for detecting malicious obfuscation requires more advanced machine learning techniques that enable differentiation between malicious and benign obfuscated JavaScript,” said researchers.

“A better approach for detection should be one that uses additional indicators and considers obfuscated code as suspicious till proven otherwise. Indicators can be in the form of website features, like domain age and website popularity rank, or in the form of JavaScript code features, like code size and complexity,” they added.
