InvisibleJS Emerges as Stealthy JavaScript Obfuscator Using Zero-Width Characters

InvisibleJS Emerges as Stealthy JavaScript Obfuscator Using Zero-Width Characters

Posted on By CWS

InvisibleJS, a brand new open-source software that conceals JavaScript code utilizing invisible zero-width Unicode characters, raises alarms about potential misuse in malware campaigns.

InvisibleJS, hosted on GitHub by developer With alias oscarmine, employs steganography to embed supply code into seemingly clean recordsdata. The method converts JavaScript into binary strings, mapping 0s to Zero Width House (U+200B) and 1s to Zero Width Non-Joiner (U+200C).

A small bootstrap loader then decodes and runs the hidden payload at runtime, making the code invisible to the bare eye in editors like VS Code.

Two Variations for Totally different Environments

The repository presents Model 1 (Traditional with eval), supreme for CommonJS and legacy Node.js setups, supporting require and module.exports natively.

Model 2 (Trendy with import) targets ES Modules, utilizing dynamic await import() for top-level await and exports, although it requires .mjs recordsdata or “sort”: module configuration.

Hiding code is easy by way of CLI:

Model 1: node hideV1.mjs -i enter.js -o hidden.js

Model 2: node hideV2.mjs -i enter.js -o hidden.js

Execution follows with node hidden.js, producing regular output regardless of the clean look.

FeatureVersion 1 (eval)Model 2 (import)Invisibility100percent100percentCommonJS SupportNativeLimitedESM SupportNoFullTop-Degree AwaitNoYesExecutionSynchronousAsynchronousDecoder LengthShortLong

This method echoes prior zero-width JS proofs-of-concept relationship again to 2018, now weaponized in phishing assaults. Attackers have abused related Unicode obfuscation utilizing Hangul characters for binary to cover payloads in scripts, evading scanners with anti-debug checks.

InvisibleJS might amplify such threats, enabling stealthy malware loaders in Node.js environments or net apps, complicating menace detection.

As obfuscation instruments proliferate, safety groups should improve Unicode-aware scanning and behavioral evaluation. Whereas pitched experimentally, InvisibleJS underscores the dual-use nature of coding improvements in cybersecurity.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , ,

Related Posts

New Linux Malware Poses Threat to Software Developers New Linux Malware Poses Threat to Software Developers Cyber Security News
Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France Cyber Security News
AI-Enhanced NGate Malware Targets NFC Payment Apps AI-Enhanced NGate Malware Targets NFC Payment Apps Cyber Security News
Identity Theft Surges as Criminals Deploy Advanced Tactics to Steal Personal Data Identity Theft Surges as Criminals Deploy Advanced Tactics to Steal Personal Data Cyber Security News
New Android Bug Impacts Volume Buttons Functionality with “Select to Speak” Enabled New Android Bug Impacts Volume Buttons Functionality with “Select to Speak” Enabled Cyber Security News
Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise Cyber Security News