Researchers at Juniper Menace Labs warn that phishing assaults are using a brand new obfuscation approach to cover malicious JavaScript.
“Whereas investigating a classy phishing assault focusing on associates of a significant American political motion committee (PAC) in early January 2025, Juniper Menace Labs noticed a brand new JavaScript obfuscation approach,” the researchers write.
“This method was first described by a safety researcher on X again in October 2024, highlighting the velocity with which offensive safety analysis will be included into real-world assaults.”
The approach makes use of whitespace Unicode characters from the Korean alphabet to encode and conceal the malicious JavaScript, rendering it invisible to people and safety instruments whereas nonetheless permitting it to execute when triggered.
“On October 8, 2024, Martin Kleppe first demonstrated this method through a submit on X,” Juniper explains. “A refinement of the approach, which was used verbatim within the phishing assault, was posted on October 28 and is demonstrated at https://aem1k[.]com/invisible/encoder/.
The encoding works through the use of two completely different Unicode filler characters, the Hangul half-width and the Hangul full width, to symbolize the binary values 0 and 1, respectively. Every group of 8 of those characters kinds a single byte, representing an ASCII character. The complete payload sits invisibly in a script as a property, however is executed with a brief bootstrap code when the property is accessed by means of a Proxy get() entice.”
Attackers are continually searching for new methods to bypass technical safety measures. New-school safety consciousness coaching may give your group an important layer of protection in opposition to social engineering assaults. KnowBe4 empowers your workforce to make smarter safety selections day by day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
BleepingComputer has the story.
