Researchers spot increase in malicious VBScripts that use obfuscation

Researchers at Malwarebytes spotted an increase in malicious VBScripts using obfuscation.
Researchers at Malwarebytes spotted an increase in malicious VBScripts using obfuscation.

Malwarebytes researchers have spotted an increase in the number of malicious VBScripts (Visual Basic Scripting Edition) files that use obfuscation methods in the wild.

One of the malicious files was named TEMPcoral.vbs and was found on systems that were heavily infected with Trojan.Droppers and Trojan.Clickers, according to a Feb. 29 blog post.

Researchers also spotted a malicious VBScript that was actually a Banker.Trojan downloader and another one that overwrites all vbs files on a system with copies of itself and tries to steal Bitcoin keys.

Users can become infected through drive-by downloads, malvertising attacks and various methods that infect Word and Excel documents, the post stated.

Researchers recommend users don't run scripts unless they need to, consider disabling Windows Script Host, and not enable macros unless they can trust it and actually need to do so to use the document at hand.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS