Malware, Threat Management

Researchers spot increase in malicious VBScripts that use obfuscation

Malwarebytes researchers have spotted an increase in the number of malicious VBScripts (Visual Basic Scripting Edition) files that use obfuscation methods in the wild.

One of the malicious files was named TEMPcoral.vbs and was found on systems that were heavily infected with Trojan.Droppers and Trojan.Clickers, according to a Feb. 29 blog post.

Researchers also spotted a malicious VBScript that was actually a Banker.Trojan downloader and another one that overwrites all vbs files on a system with copies of itself and tries to steal Bitcoin keys.

Users can become infected through drive-by downloads, malvertising attacks and various methods that infect Word and Excel documents, the post stated.

Researchers recommend users don't run scripts unless they need to, consider disabling Windows Script Host, and not enable macros unless they can trust it and actually need to do so to use the document at hand.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.