CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware

Update: 2025-02-14

Description

The cyber threat landscape is evolving, with hackers deploying multi-stage malware using obfuscation, steganography, and covert communication channels to evade detection.

Attacks start with an Obfuscated JavaScript, fetching encoded commands from a URL and executing an obfuscated PowerShell script, downloading a JPG image and obfuscated text file concealing malicious MZ DOS executables. The Stealer malware is then deployed, extracting passwords, browser data, and system info. The stolen data is subsequently sent to the attackers via Telegram bots, bypassing traditional security.

Stay Safe! Avoid running unknown scripts & suspicious downloads.

Link to the Research Report: https://www.cyfirma.com/research/javascript-to-command-and-control-c2-server-malware/

#Cybersecurity #MalwareAlert #StaySafe #ProtectYourData #CYFIRMA #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

Comments

In Channel

CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

2025-12-1804:16

CYFIRMA Research- RTO Challan Fraud A Technical Report on APK-Based Financial and Identity Theft

2025-12-1607:17

CYFIRMA Research- Tracking Ransomware – November 2025

2025-12-1205:17

CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities

2025-12-1104:46

CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool

2025-12-0907:08

CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report

2025-12-0108:05

CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation

2025-11-2703:21

CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence

2025-11-2107:51

CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East

2025-11-1407:15

CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You

2025-11-1106:07

CYFIRMA Research- Tracking Ransomware: October 2025

2025-11-1003:19

CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan

2025-11-0403:50

CYFIRMA Research- GhostGrab Android Malware

2025-11-0305:17

Cyfirma Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis

2025-10-3104:51

CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise

2025-10-1305:49

CYFIRMA Research- Tracking Ransomware: September 2025

2025-10-0704:11

CYFIRMA Research: Yurei Ransomware- The Digital Ghost

2025-10-0606:14

CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities

2025-09-2203:30

CYFIRMA Research- Defence Industry Threat Report

2025-09-1906:04

CYFIRMA Research: Unmasking a Python Stealer- XillenStealer

2025-09-1706:18

00:00

1.0x

CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware

#box-pro-ellipsis-176653724042070{-webkit-line-clamp:2;}CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware

CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware

CYFIRMA

CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware