Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CascadiaJS - Raiders of the Javascript-based Ma...

CascadiaJS - Raiders of the Javascript-based Malware

https://www.amirootyet.com/

Some modern malware are designed entirely in Javascript and executed using the default Windows Script Host or within the user's browser. In this talk, we discuss the design, operation, and implementation intricacies of Javascript-based ransomware and cryptojacking malware.

Pranshu Bajpai

November 16, 2018
Tweet

More Decks by Pranshu Bajpai

Other Decks in Technology

Transcript

  1. R a i d e r s o f t

    h e J a v a S c r i p t - b a s e d M a l w a r e P r a n s h u B a j p a i ( @ a m i r o o t y e t )
  2. I N T R O D U C T I

    O N ~#whoami↵
  3. ELEMENTS OF A RANSOMWARE Initial Entry Encryption Secret Demand Ransom

    File Encryption 1. Infiltration 2. Acquire Key 4. Demand Ransom 3. Encryption
  4. R A A R a n s o m w

    a r e A ransomware written entirely in JavaScript
  5. C r y p t o j a c k

    i n g Unauthorized covert cryptocurrency mining
  6. 1 2 3 4 5 ABOUT CRYPTOJACKING “Bitcoin made ransomware

    possible; Monero made cryptojacking possible”
  7. CRAWL RESULTS Identified 212 websites involved in cryptojacking – Pornography?

    Business? IT? Malicious? – Use the FortiGuard web filter categories: • https://fortiguard.com/webfilter/categories Script to resolve websites to categories
  8. QUESTIONS DURING ANALYSIS CRAWL THE WEB publicwww nerdydata censys OBFUSCATION

    UNAUTHORIZED VALIDATE – Some websites are now unavailable – Some websites have since cleaned the source code
  9. T H A N K Y O U ! Pranshu

    Bajpai Twitter: @amirootyet