InvisibleJS Emerges as Stealthy JavaScript Obfuscator Using Zero-Width Characters

InvisibleJS Emerges as Stealthy JavaScript Obfuscator Using Zero-Width Characters

Posted on By CWS

InvisibleJS, a brand new open-source software that conceals JavaScript code utilizing invisible zero-width Unicode characters, raises alarms about potential misuse in malware campaigns.

InvisibleJS, hosted on GitHub by developer With alias oscarmine, employs steganography to embed supply code into seemingly clean recordsdata. The method converts JavaScript into binary strings, mapping 0s to Zero Width House (U+200B) and 1s to Zero Width Non-Joiner (U+200C).

A small bootstrap loader then decodes and runs the hidden payload at runtime, making the code invisible to the bare eye in editors like VS Code.

Two Variations for Totally different Environments

The repository presents Model 1 (Traditional with eval), supreme for CommonJS and legacy Node.js setups, supporting require and module.exports natively.

Model 2 (Trendy with import) targets ES Modules, utilizing dynamic await import() for top-level await and exports, although it requires .mjs recordsdata or “sort”: module configuration.

Hiding code is easy by way of CLI:

Model 1: node hideV1.mjs -i enter.js -o hidden.js

Model 2: node hideV2.mjs -i enter.js -o hidden.js

Execution follows with node hidden.js, producing regular output regardless of the clean look.

FeatureVersion 1 (eval)Model 2 (import)Invisibility100percent100percentCommonJS SupportNativeLimitedESM SupportNoFullTop-Degree AwaitNoYesExecutionSynchronousAsynchronousDecoder LengthShortLong

This method echoes prior zero-width JS proofs-of-concept relationship again to 2018, now weaponized in phishing assaults. Attackers have abused related Unicode obfuscation utilizing Hangul characters for binary to cover payloads in scripts, evading scanners with anti-debug checks.

InvisibleJS might amplify such threats, enabling stealthy malware loaders in Node.js environments or net apps, complicating menace detection.

As obfuscation instruments proliferate, safety groups should improve Unicode-aware scanning and behavioral evaluation. Whereas pitched experimentally, InvisibleJS underscores the dual-use nature of coding improvements in cybersecurity.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , ,

Related Posts

CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation Cyber Security News
Cloud Security Essentials – Protecting Multi-Cloud Environments Cloud Security Essentials – Protecting Multi-Cloud Environments Cyber Security News
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users Cyber Security News
Ransomware Tactics Evolve Amid Declining Profits, Google Reports Ransomware Tactics Evolve Amid Declining Profits, Google Reports Cyber Security News
New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data Cyber Security News
Critical Android 0-Click Vulnerability in System Component Allows RCE Attacks Critical Android 0-Click Vulnerability in System Component Allows RCE Attacks Cyber Security News