Beware of emails with JavaScript attachments!


Malware peddlers are always looking for the next trick to get users to infect their computers. According to Microsoft and other sources, the latest trick is malicious JavaScript attachments.

The spam campaigns delivering these attachments range from blank emails pretending to deliver business cards and fake “order status” emails, to bank-related and resume-themed spam.

The malicious attachment usually comes in the form of a ZIP or RAR archive file, and once unpacked, the files sport a .js or .jse extension.

Clicking on them (i.e. running them) starts a process that results in malware – usually ransomware or a banking Trojan – being downloaded on the victim’s computer from a malware-hosting site.

[Image: Malicious JavaScript code sample]

“The JavaScript attachments are heavily-obfuscated to avoid antivirus software detections. In some cases, the malicious JavaScript attachment is bundled with a dummy file to evade email rules,” Alden Pornasdoro of the Microsoft Malware Protection Center noted, and pointed out that this approach requires at least one less click by the victim when compared to the “Office attachment with malicious macros” malware delivery method.

“Be wary of emails with JavaScript attachments. It is uncommon and quite suspicious for people to send legitimate applications in pure JavaScript file format via email. Do not click or open it,” he advised, and shared other best practices for users and administrators.
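For administrators, the attachment pattern described above (a ZIP archive whose members end in .js or .jse, sometimes bundled with a dummy file) can be checked for at the mail gateway. The Python code below is an added example, not code from Microsoft or the original article; the function names, the nesting and size limits and the sample message are assumptions constructed for illustration, and RAR archives are not covered because the standard library cannot read them.

```python
import io
import zipfile
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse")   # extensions named in the article
MAX_DEPTH = 3                   # assumed limit on archives nested inside archives
MAX_INNER = 10 * 1024 * 1024    # assumed cap on a nested archive's unpacked size

def script_members(zip_bytes, depth=0):
    """Return names of .js/.jse members in a ZIP, descending into nested ZIPs."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            # Win32 path handling drops trailing dots/spaces, so normalise first
            name = info.filename.rstrip(". ").lower()
            if name.endswith(SCRIPT_EXTS):
                hits.append(info.filename)
            elif name.endswith(".zip") and depth < MAX_DEPTH and info.file_size <= MAX_INNER:
                inner = script_members(zf.read(info), depth + 1)
                hits += [f"{info.filename}/{h}" for h in inner]
    return hits

def scan_message(msg):
    """Map each ZIP attachment's filename to the script members found in it."""
    report = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            report[part.get_filename()] = script_members(data)
    return report

def build_sample():
    """Constructed sample: a dummy text file beside harmless placeholder scripts."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("order_status.JSE", "// placeholder, not real malware")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "dummy file")
        z.writestr("business_card.js", "// placeholder")
        z.writestr("more.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="order.zip")
    return msg
```

A non-empty list for any attachment is grounds to quarantine the message; the presence of the dummy `readme.txt` does not change the result, because every member is inspected rather than only the first.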

In general, it’s a good idea never to blindly open attachments sent via email, even if they come from someone you know.

Malware can compromise computers and make them send out malicious emails to all of the victim’s email contacts, and cyber criminals can hijack people’s email accounts via phishing or password-stealing malware and do the same.

Checking with the sender before opening the attachment is a good idea, and even then checking with an appropriate tool or service (e.g. VirusTotal) whether the file might be dangerous is an added step that should become practice for everyone.
