Malicious JavaScript is increasingly being used to steal sensitive information, including passwords and credit card numbers. Researchers at Unit 42 have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting, and web chat APIs. In some campaigns, attackers created chatbots registered to someone noteworthy, such as an Australian footballer. Other malware campaigns included web skimmers injected into compromised sites and traditional phishing sites.
The malware tries to evade traditional static and dynamic analysis by using obfuscation, unusual Document Object Model (DOM) interactions, and selective payload detonation. Using JavaScript malware sandboxes, researchers have identified campaigns that collect passwords and credit card information.
To protect yourself from malicious JavaScript, it's essential to be cautious when clicking on links, especially in emails or on social media. Make sure to verify the legitimacy of the website and the information it provides. Additionally, keep your software and applications up to date to minimize the risk of infection.
REFERENCES
- https://unit42.paloaltonetworks.com/malicious-javascript-steals-sensitive-data/
- https://otx.alienvault.com/pulse/658439e86a451e98d57ca3d8
TAGS
malicious javascript, api abuse