Results for malicious javascript

Threat Research

Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability

Only a few days after FortiGuard Labs published an article about a spam campaign exploiting an RTF document, we found another spam campaign using an even more recent document vulnerability, CVE-2017-11882.

By Jasper Manual and Joie SalvioNovember 27, 2017

Threat Research

PDF Phishing Leads to Nanocore RAT, Targets French Nationals

Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,...

By Joie Salvio and Rommel JovenOctober 12, 2017

Threat Research

Booby-trapped javascripts threaten malware analysts

In today's context, where the majority of Zombie infections occur via victim's browser exploitation (aka "drive-by install"), a Cyber Guerilla is taking place between malware analysts and Web Exploitation Toolkits developers. The latter used to merely resort to counter-measures (such as dynamic obfuscation or code splitting) in order to hinder the analysis of the malicious javascripts embedded in their exploitation toolkits. But it seems they have now entered a genuinely more aggressive phase, which involves booby-trapping the malicious javascripts...

By David MaciejakApril 02, 2009