Hide back doors in JavaScript code with a new trick


Invisible characters maliciously hidden in JavaScript code

What we cannot see is more dangerous, and that applies to computer security as well. A clear example is what is known as fileless malware, which is not as visible as a virus that arrives with a program we have installed.

In this case, the threat is invisible characters that cybercriminals can sneak into JavaScript code. A cybersecurity team from the University of Cambridge has demonstrated this. This type of attack has been referred to as Trojan Source. It is capable of injecting vulnerabilities into source code in such a way that a human reader, and even the text editor itself, would not see anything.

This method works with some of the most popular and widely used programming languages today. Attackers could use this strategy to carry out multiple attacks and put security at risk. It is mainly based on the Unicode bidirectional (Bidi) mechanism.

Security researcher Wolfgang Ettlinger has raised the possibility that a back door can be hidden with this method and that it is impossible to see it even with a thorough code review. In fact, he published a proof of concept to show that this is possible. On his personal blog, we can see the code that has a hidden back door.

The upshot of all this is the ability to sneak a back door into JavaScript code that, on paper, looks legitimate.
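
A defensive check for the characters described above, as an added example that is not from the original article or from the researchers' proof of concept: it scans JavaScript source text for Bidi control and invisible code points and reports where they sit. The code point list and the names `scanSource` and `reveal` are this example's own choices, and the list is not exhaustive.

```javascript
// Added example: flag Bidi controls and invisible code points in source text.
const RANGES = [
  [0x061c, 0x061c, "bidi-control"], // Arabic letter mark
  [0x200e, 0x200f, "bidi-control"], // LRM, RLM
  [0x202a, 0x202e, "bidi-control"], // LRE, RLE, PDF, LRO, RLO
  [0x2066, 0x2069, "bidi-control"], // LRI, RLI, FSI, PDI
  [0x00ad, 0x00ad, "invisible"],    // soft hyphen
  [0x200b, 0x200d, "invisible"],    // zero-width space / non-joiner / joiner
  [0x2060, 0x2064, "invisible"],    // word joiner, invisible operators
  [0xfeff, 0xfeff, "invisible"],    // zero-width no-break space (BOM)
  [0x115f, 0x1160, "invisible"],    // Hangul fillers (letters that render blank)
  [0x3164, 0x3164, "invisible"],    // Hangul filler
  [0xffa0, 0xffa0, "invisible"],    // halfwidth Hangul filler
];

function classify(cp) {
  const hit = RANGES.find(([lo, hi]) => cp >= lo && cp <= hi);
  return hit ? hit[2] : null;
}

const label = (cp) => "U+" + cp.toString(16).toUpperCase().padStart(4, "0");

// Returns one finding per suspicious code point, with 1-based line and column.
function scanSource(text) {
  const findings = [];
  let line = 1, column = 0, first = true;
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (ch === "\n") { line++; column = 0; first = false; continue; }
    column++;
    const kind = classify(cp);
    // A single BOM at the very start of a file is legitimate.
    if (kind && !(first && cp === 0xfeff)) {
      findings.push({ line, column, codePoint: label(cp), kind });
    }
    first = false;
  }
  return findings;
}

// Makes the hidden code points visible for a reviewer.
function reveal(text) {
  return Array.from(text, (ch) =>
    classify(ch.codePointAt(0)) ? `<${label(ch.codePointAt(0))}>` : ch).join("");
}

// Constructed sample: escapes stand in for characters that would not render.
const sample = "\uFEFFconst limit\u3164 = 10;\n// check \u202Eadmin\u2066 only\nlet ok = true;";
console.log(scanSource(sample));
```

Run over every file in a pull request, a non-empty result is a reason to stop and inspect the flagged position with `reveal` before the change is merged.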

Need to protect equipment

These types of threats, as well as any other "traditional" ones, oblige users to protect their computers at all times and avoid risks. That is why at SpeedNetz we always advise having a good antivirus, such as Windows Defender, Avast, Bitdefender or any other that does its job well. But this alone is not enough.

Another essential point for staying protected at all times is keeping equipment up to date. We must have the latest patches and updates so that our systems can deal with potential threats and problems as they appear.

But without a doubt, the most important thing of all is common sense. Avoiding mistakes, such as downloading files that may be dangerous, browsing unofficial pages, or opening emails without really knowing who is sending them, is essential to staying protected and keeping our computers out of danger online.