What Is Script-Based Malware?

When you hear the word "script", you probably think of either a movie script, or JavaScript.Through most of us don't get to see movie scripts, JavaScript is a little more readily available, since it's one of the many scripting languages that are commonly used by programmers to enhance features of websites. Their popularity, unfortunately, is now be leveraged by the bad guys too, as scripting techniques are being used by cybercriminals to enhance the strength of their cyberattacks. In fact, now more than ever, hackers are creating script-based malware, as our researchers have stated in the McAfee labs September 2017 Quarterly Treats Report.Let's take a look as to why script based malware has dramatically increased over the past two years.

Evasion is probably the key reason behind the popularity of this attack tactic, since scripts are easy to obfuscate and therefore difficult to detect.Plus, scripting languages are generally easier to learn and faster to code in than other languages, making them an easy sell for eager hackers.

Specially, the scripting languages these crooks are using include: JavaScript, VBSdript, PHP, PowerShell, and others. Our McAfee labs team has been Bartallex, Kovter, Nemucod, and W97/Downloader, along with many other malwares, usning these scripts to deliver malicious payloads to victims devices.For instance, in 2016, Locky was spread by using multiple obfuscated layers of JavaScript.We have also seen the execution of fileless malware with the help of a PowerShell script.

Now,the next question is - what does this mean for you? And what can you do to protect your devices from script-based malware? The best way to protect your personal devices from script-based malware infections is to stop them before they happen.So be sure to remain wary of downloading and installing applications that you don't understand or trust, and always apply security updates and patches for applications and operating systems.Additionally, block cyberattacks before they happen with a comprehensive security solution such as McAfee LiveSafe, which is now new and improved.