Reflow JavaScript backdoor

After investigating a compromised device, researchers were able to extract some scripts left behind by the attackers. The scripts consist of a Windows backdoor written in JavaScript and some C&C backend instructions. They were found in a running process named “wscript.exe”, which is a legitimate Windows program. At first, researchers didn’t[…]

