Hackers are disguising their malicious JavaScript code with a hard-to-beat trick

Over 25% of malicious JavaScript code is obfuscated by so-called ‘packers’, a software packaging method that has given attackers a way of evading signature-based detection, according to security and content delivery network provider Akamai. 

Packers work by compressing or encrypting code to make that code unreadable and non-debuggable — resulting in ‘obfuscated’ code that is difficult for antivirus to detect. 

ZDNet Recommends

JavaScript packers aren’t a new threat. As Secureworks noted as far back as 2008, JavaScript packers became a popular alternative to JavaScript libraries because they were good at reducing the number of bytes downloaded on each page in order to support richer web applications of the time. 

SEE: This new ransomware encrypts your data and makes some nasty threats, too

“Computer hackers have taken advantage of the acceptance of these packers as suboptimal network optimization tactics and are using them as a way to evade and bypass security controls on the gateway and at the host,” SecureWorks noted then

Akamai notes that some of the world’s most popular websites contain obfuscated JavaScript for business reasons. 

The company highlights that packers are still a large scale problem, aiding the spread of phishing pages, malware droppers and scams like the

Read More: https://www.zdnet.com/article/hackers-are-disguising-their-malicious-javascript-code-with-hard-to-beat-trick/#ftag=RSSbaffb68