This morning, researchers at Forcepoint X-Labs released new findings confirming that in Q3, organizations across industries saw a steep increase in JavaScript-attachment-based campaigns that deliver a variety of information-stealing and RAT malware, such as DarkCloud, Remcos, Agent Tesla, and Formbook.
Authored by Senior Security Researcher Mayur Sewani, the post discusses (with supporting images and code) how attackers are cloaking their lures in everyday business communications, using fake quotes, purchase orders, shipment alerts and even WeTransfer-style links to slip past conventional filters and take advantage of recipients' trust. For this analysis, the X-Labs team reviewed thousands of email subject lines and found similar social engineering tactics being used repeatedly.
The JavaScript attachments act as downloaders, using PowerShell and steganography to deliver .NET-based RATs and infostealers. Advanced obfuscation, sandbox evasion, and process hollowing highlight the increasing sophistication of these attacks.
Sewani recommends that organizations combine advanced email filtering, endpoint protection, and user awareness to mitigate these threats.
The full post can be found at: https://www.forcepoint.com/blog/x-labs/q3-2025-threat-brief-obfuscated-javascript-steganography
This entry was posted on October 8, 2025 at 1:43 pm and is filed under Commentary with tags Forcepoint X-Labs.
Forcepoint X-Labs Post –> Sharp Rise: Obfuscated JavaScript & Steganography Enabling Malware Delivery