JavaScript attachments infect with Locky Ransomware.

A massive distribution of malicious emails with JavaScript files

This massive e-mail campaign has been linked to the cybercriminals behind the Dridex botnet. They have been spotted switching their method of malware distribution with the usual Office files to using infected JavaScript (.js) attachments. The malware that is loaded through these malicious .js attachments is the infamous Locky ransomware.  It appears that somehow Dridex actors and this notorious ransomware are connected.

Locky infection through .js file attachment reported mostly in Europenote-34686_640

A warning of a boom in such spam emails with JavaScript files instead of documents is been released by numerous security experts. Hundreds of millions of messages are being sent daily to unsuspecting users as part of this massive malware attack campaign. Botnets are used to distribute the huge volume of spam emails with infected .js files. According to experts, this attack is the largest malware emailing campaign, observed in the recent years.

Locky Virus Ransomware File Removal

The scale of the attack comes to point out that cybercriminals now rely on new and unknown methods to spread infections rather than the well-known Office files infections with macros.  The thing is that, with time, users became aware of the threats hidden in .doc or .exe files. Therefore, hackers now are switching the tactics, relying on users’ disinformation. They believe that victims will be more likely to click on JavaScript files than they would on Office files.

The trick here is, that the icon looks very much like a document and it may confuse users. Some even may not know what type of file is .js and that it can hide the some danger inside. In fact, such infected files are ideal for distribution of not only Locky but also a wide variety of other ransomware such as the well-known CryptXXX, CryptoWall or even some new malware.

Cryp1 Ransomware – new extension to CryptXXX has just appeared!

Another warning sign, justifying the security experts’ concerns is that a massive increase in the spread of the JS/Danger.Script attachment has been detected by researchers recently. This malicious script is actually a dropper, created with the only purpose to download other malware on the infected PC. It usually introduces the system to crypto-ransomware infections like Locky ransomware and many more.

Ransomware: Security Threat Epidemy!

It is important for users not to get misled by the sophisticated social engineering tactics, used by the hackers. Their only goal is to make the unsuspecting users execute the malicious attachment. Being aware of the threats that are going around the web helps users be on alert and avoid infections.  Once again we will point out that ransomware is a trendy threat – one of the most dangerous malware infections spreading worldwide at the moment. Therefore, to be cautious is essential to our security.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment