Researchers from Kahu Security have unearthed a new piece of JavaScript malware that is designed to hijack the browser. Its characteristic feature is that if you detect it and attempt to terminate its process, it will shut down your computer.
According to the researchers, this is not entirely new malware but a variant of a kind first seen in 2014. However, the latest variant is more advanced, more lethal and more damaging. The malware is spread through the well-known technique of email spam. Despite being written in JavaScript, it is executed not inside the browser but by Windows Script Host, the built-in JavaScript executor in Windows.
The researchers found that the criminals behind this malware have made a strenuous effort to hide its real payload behind a jumble of random characters. The malware is designed to change underlying operating system settings, and it makes use of tricks such as encoded characters, regex replace, regex search, conditional statements and unusual base conversions.
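For defenders triaging script attachments, the traits listed above can be checked statically without running the file. The sketch below is an added example, not code from Kahu Security's analysis; the patterns, the thresholds and the two sample scripts are assumptions constructed for illustration.

```javascript
// Added example: static triage of an e-mailed .js file for the obfuscation
// traits listed above. Patterns and thresholds are assumptions, not taken
// from the Kahu Security analysis. The source is only read as text, never run.
const COMMON_RADIX = new Set([2, 8, 10, 16]);
const PATTERNS = {
  encodedChars: /\\x[0-9a-f]{2}|\\u[0-9a-f]{4}|%[0-9a-f]{2}/gi,
  regexReplace: /\.replace\s*\(\s*(?:\/|new\s+RegExp)/g,
  regexSearch: /\.(?:search|match)\s*\(\s*(?:\/|new\s+RegExp)/g,
  wshObjects: /\bWScript\s*\.|new\s+ActiveXObject\s*\(/g,
};
const RADIX_CALL = /(?:parseInt\s*\([^,()]+,|\.toString\s*\()\s*(\d+)\s*\)/g;
const MIN_ENCODED = 8; // assumed cut-off: a few escapes are normal, dozens are not

function triageScript(source) {
  const hits = {};
  for (const [name, re] of Object.entries(PATTERNS)) {
    hits[name] = (source.match(re) || []).length;
  }
  // "Unusual base conversions": parseInt/toString with a radix other than 2, 8, 10, 16.
  hits.oddRadix = [...source.matchAll(RADIX_CALL)]
    .filter((m) => !COMMON_RADIX.has(Number(m[1]))).length;

  const flags = Object.keys(hits).filter((name) =>
    hits[name] >= (name === 'encodedChars' ? MIN_ENCODED : 1));
  // Conditional statements are too common to count as a signal on their own.
  // Assumed rule: Windows Script Host objects plus at least two obfuscation traits.
  const suspicious = flags.includes('wshObjects') && flags.length >= 3;
  return { hits, flags, suspicious };
}

// Constructed, harmless samples (not from any real campaign).
const SAMPLE_OBFUSCATED = String.raw`
var k = "\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x65\x64".replace(/Z/g, "");
var n = parseInt("2s", 36);
if (k.search(/con/) === 0 && n.toString(36) === "2s") { WScript.Echo(k); }
`;
const SAMPLE_BENIGN = String.raw`
var hex = (255).toString(16);
var title = document.title.replace(/\s+/g, " ");
`;

console.log(triageScript(SAMPLE_OBFUSCATED));
console.log(triageScript(SAMPLE_BENIGN));
```

A script flagged this way still needs manual review; the heuristic only prioritises which attachments to look at first.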
The researchers have charted out all the steps the script undergoes:
The solution to this malicious script is to start the PC in safe mode and then remove the startup link and roaming folder.