Friday, January 17, 2020 [Tweets] [Favorites]

Malicious WebAssembly

Catalin Cimpanu:

In an academic research project that was carried out last year, four researchers from the Technical University in Braunschweig, Germany, looked at WebAssembly’s use on the Alexa Top 1 Million popular sites on the internet, in an attempt to gauge the popularity of this new technology.

[…]

However, while the vast majority of samples were used for legitimate purposes, two categories of Wasm code stood out as inherently malicious.

The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, part of so-called cryptojacking (drive-by mining) attacks.

The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found part of malvertising campaigns.

Via Kyle Howells:

WebAssembly should be a user opt-in per website feature.

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment