Technology NewsTechnology NewsTechnology News
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Reading: Hackers Exploit JavaScript Framework to Evade Detection
Share
Font ResizerAa
Technology NewsTechnology News
Font ResizerAa
Search
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Follow US
  • Cookie Policy (EU)
  • Contact
  • About
© 2025 NEWSLINKER - Powered by LK SOFTWARE
Cybersecurity

Hackers Exploit JavaScript Framework to Evade Detection

Highlights

  • Hackers exploit JavaScript frameworks to bypass security controls.

  • ClearFake campaign uses social engineering to execute PowerShell commands.

  • Organizations must adopt multi-layered security strategies and user education.

Kaan Demirel
Last updated: 5 June, 2024 - 10:16 am 10:16 am
Kaan Demirel 11 months ago
Share
SHARE

Hackers are increasingly targeting popular JavaScript frameworks to execute harmful activities while bypassing security measures. By leveraging well-known frameworks trusted by developers and companies, attackers effectively disguise their malicious intent, making it harder for security tools to detect and mitigate threats. JavaScript’s cross-platform nature further exacerbates the issue, allowing for widespread and varied attacks.

Contents
ClearFake Campaign ExplainedRecommendations

JavaScript frameworks are collections of pre-written JavaScript code that provide developers with common programming functionalities. These frameworks simplify the process of creating web applications by offering ready-made components and tools. Popular examples include React, Angular, and Vue.js. They have been widely used since their inception in the early 2010s, and their open-source nature encourages broad adoption and community-driven enhancements.

Recent findings by cybersecurity researchers at ReliaQuest reveal a campaign using the ClearFake JavaScript framework. This campaign tricks users into manually executing harmful PowerShell commands, bypassing traditional security measures. Unlike drive-by downloads, this new method requires user interaction, making it harder for automated security tools to detect the threat. The ultimate goal of these attacks is to install multi-stage malware, including the LummaC2 infostealer.

ClearFake Campaign Explained

The ClearFake campaign uses various social engineering techniques, such as displaying fake browser update messages. These messages prompt users to download and run infected files, leading to the installation of malicious software. To avoid detection, these attacks initiate processes without any parent process or command line, making it challenging for security tools to trace the activity back to its source. Additionally, the PowerShell code used is often base64 encoded, further obfuscating the attack.

Historically, similar campaigns have exploited trusted frameworks and user interactions to spread malware. A recent campaign compromised legitimate websites to display fake browser errors, asking users to run obscure PowerShell commands. This sequence of events installed a “root certificate,” ultimately leading to the installation of LummaC2 malware through DLL sideloading. This method allows attackers to execute their payload without raising immediate suspicion.

Recommendations

– Enforce application control to restrict unauthorized PowerShell execution.
– Enhance user awareness on the risks of executing untrusted code.
– Regularly patch websites and tools to prevent code injection vulnerabilities.
– Block access to suspicious newly registered domains like .xyz TLDs.
– Implement restrictive Windows Defender Application Control (WDAC) policies to constrain malicious PowerShell functions.
– Integrate endpoint security with Antimalware Scan Interface (AMSI) for script command analysis.
– Enforce restrictive PowerShell execution policies.

These findings underscore the critical need for robust security measures and user education. Organizations must regularly review PowerShell restrictions and enhance user awareness to mitigate emerging threats. The increasing sophistication of these attacks, which leverage trusted frameworks and user interactions, highlights the importance of adopting multi-layered security strategies. By implementing comprehensive security policies and staying vigilant against new tactics, organizations can better protect themselves from these sophisticated cyber threats.

You can follow us on Youtube, Telegram, Facebook, Linkedin, Twitter ( X ), Mastodon and Bluesky

You Might Also Like

Cyberattack Forces PowerSchool to Face Extortion Scandal

CrowdStrike Faces Workforce Reduction Amid Financial Shifts

Authorities Seize DDoS Platforms in Multi-National Operation

Trump Urges Colorado to Release Jailed Clerk Over Election Breach

Google Targets Vulnerabilities in May Security Update

Share This Article
Facebook Twitter Copy Link Print
Kaan Demirel
By Kaan Demirel
Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.
Previous Article Discover Affordable Alternatives to Apple Pencil
Next Article Artificial Intelligence Utilized to Measure Stress in Agricultural Workers

Stay Connected

6.2kLike
8kFollow
2.3kSubscribe
1.7kFollow

Latest News

Mazda Partners with Tesla for Charging Standard Shift
Electric Vehicle
Trump Alters AI Chip Export Strategy, Reversing Biden Controls
AI
Solve Wordle’s Daily Puzzle with These Expert Tips
Gaming
US Automakers Boost Robot Deployment in 2024
Robotics
Uber Expands Autonomy Partnership with $100 Million Investment in WeRide
Robotics
NEWSLINKER – your premier source for the latest updates in ai, robotics, electric vehicle, gaming, and technology. We are dedicated to bringing you the most accurate, timely, and engaging content from across these dynamic industries. Join us on our journey of discovery and stay informed in this ever-evolving digital age.

ARTIFICAL INTELLIGENCE

  • Can Artificial Intelligence Achieve Consciousness?
  • What is Artificial Intelligence (AI)?
  • How does Artificial Intelligence Work?
  • Will AI Take Over the World?
  • What Is OpenAI?
  • What is Artifical General Intelligence?

ELECTRIC VEHICLE

  • What is Electric Vehicle in Simple Words?
  • How do Electric Cars Work?
  • What is the Advantage and Disadvantage of Electric Cars?
  • Is Electric Car the Future?

RESEARCH

  • Robotics Market Research & Report
  • Everything you need to know about IoT
  • What Is Wearable Technology?
  • What is FANUC Robotics?
  • What is Anthropic AI?
Technology NewsTechnology News
Follow US
About Us   -  Cookie Policy   -   Contact

© 2025 NEWSLINKER. Powered by LK SOFTWARE
Welcome Back!

Sign in to your account

Register Lost your password?