Results for java script

Threat Research

GandCrab 2.1 Ransomware on the Rise with New Spam Campaign

Recently, FortiGuard Labs has been observing a surge in an email spam campaign delivering the latest GandCrab v2.1 ransomware. This article provides a basic overview of this malicious campaign, and points out details that can help users identify it.

Threat Research

The Growing Trend of Coin Miner JavaScript Infection

On 6th December 2017, FortiGuard Labs discovered a compromised website - acenespargc[.]com. Looking into the source code, we noticed a suspicious encrypted script which the uses eval() function to convert all the characters into numbers. We used a tool called CharCode Translator to reverse the numbers back into characters. We were then able to retrieve a link which redirects to a scam page or phishing website.

By Eric ChongFebruary 08, 2018

Threat Research

Deep Analysis of New Emotet Variant – Part 1

Background Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js.  A JS file, as you may be aware, is a JavaScript file that can be executed by a Window Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order. A JS file used to spread malware The original JS code...

By Xiaopeng ZhangMay 03, 2017