Researchers at Juniper Menace Labs warn that phishing assaults are using a brand new obfuscation approach to cover malicious JavaScript.
“Whereas investigating a classy phishing assault concentrating on associates of a significant American political motion committee (PAC) in early January 2025, Juniper Menace Labs noticed a brand new JavaScript obfuscation approach,” the researchers write.
“This system was first described by a safety researcher on X again in October 2024, highlighting the pace with which offensive safety analysis will be included into real-world assaults.”
The approach makes use of whitespace Unicode characters from the Korean alphabet to encode and conceal the malicious JavaScript, rendering it invisible to people and safety instruments whereas nonetheless permitting it to execute when triggered.
“On October 8, 2024, Martin Kleppe first demonstrated this method through a put up on X,” Juniper explains. “A refinement of the approach, which was used verbatim within the phishing assault, was posted on October 28 and is demonstrated at https://aem1k[.]com/invisible/encoder/.
The encoding works through the use of two completely different Unicode filler characters, the Hangul half-width and the Hangul full width, to signify the binary values 0 and 1, respectively. Every group of 8 of those characters kinds a single byte, representing an ASCII character. The whole payload sits invisibly in a script as a property, however is executed with a brief bootstrap code when the property is accessed by a Proxy get() lure.”
Attackers are continuously on the lookout for new methods to bypass technical safety measures. New-school safety consciousness coaching can provide your group an important layer of protection towards social engineering assaults. KnowBe4 empowers your workforce to make smarter safety choices day by day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.
BleepingComputer has the story.