JavaScript, the ubiquitous scripting language used across Web applications worldwide, is becoming a key ingredient in phishing campaigns looking to plant malicious code on victims’ computers, new research shows.
Phishing attacks using JavaScript obfuscation techniques rose more than 70% from November 2019 through August 2020, according to Akamai lead researcher Or Katz.
Katz says that the reason for the rise in this attack technique is simple. “The fact that JavaScript is a scripting language that runs on the client side gives [attackers] the ability to create content, but only once that content is rendered on the browser of the potential victims, will the actual page be rendered and be presented to the victim,” Katz says. “Only at that point in time will you see the actual phishing website asking for credentials or other personal information.”
