InvisibleJS Emerges as Stealthy JavaScript Obfuscator Using Zero-Width Characters

InvisibleJS Emerges as Stealthy JavaScript Obfuscator Using Zero-Width Characters

Posted on By CWS

InvisibleJS, a brand new open-source software that conceals JavaScript code utilizing invisible zero-width Unicode characters, raises alarms about potential misuse in malware campaigns.

InvisibleJS, hosted on GitHub by developer With alias oscarmine, employs steganography to embed supply code into seemingly clean recordsdata. The method converts JavaScript into binary strings, mapping 0s to Zero Width House (U+200B) and 1s to Zero Width Non-Joiner (U+200C).

A small bootstrap loader then decodes and runs the hidden payload at runtime, making the code invisible to the bare eye in editors like VS Code.

Two Variations for Totally different Environments

The repository presents Model 1 (Traditional with eval), supreme for CommonJS and legacy Node.js setups, supporting require and module.exports natively.

Model 2 (Trendy with import) targets ES Modules, utilizing dynamic await import() for top-level await and exports, although it requires .mjs recordsdata or “sort”: module configuration.

Hiding code is easy by way of CLI:

Model 1: node hideV1.mjs -i enter.js -o hidden.js

Model 2: node hideV2.mjs -i enter.js -o hidden.js

Execution follows with node hidden.js, producing regular output regardless of the clean look.

FeatureVersion 1 (eval)Model 2 (import)Invisibility100percent100percentCommonJS SupportNativeLimitedESM SupportNoFullTop-Degree AwaitNoYesExecutionSynchronousAsynchronousDecoder LengthShortLong

This method echoes prior zero-width JS proofs-of-concept relationship again to 2018, now weaponized in phishing assaults. Attackers have abused related Unicode obfuscation utilizing Hangul characters for binary to cover payloads in scripts, evading scanners with anti-debug checks.

InvisibleJS might amplify such threats, enabling stealthy malware loaders in Node.js environments or net apps, complicating menace detection.

As obfuscation instruments proliferate, safety groups should improve Unicode-aware scanning and behavioral evaluation. Whereas pitched experimentally, InvisibleJS underscores the dual-use nature of coding improvements in cybersecurity.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , ,

Related Posts

CISA releases Secure Connectivity Principles Checklist for Operational Technology Networks Connectivity CISA releases Secure Connectivity Principles Checklist for Operational Technology Networks Connectivity Cyber Security News
Dark Web Omertà Market Shut Downed Following the Leak of Real Server IPs Dark Web Omertà Market Shut Downed Following the Leak of Real Server IPs Cyber Security News
North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide Cyber Security News
COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH Cyber Security News
Matanbuchus Malware Downloader Evading AV Detections by Changing Components Matanbuchus Malware Downloader Evading AV Detections by Changing Components Cyber Security News
Zero Trust Architecture Building Resilient Defenses for 2025 Zero Trust Architecture Building Resilient Defenses for 2025 Cyber Security News