Shifting Malware Tactics & Stealthy Use of Non-Executable .txt & .log Files

The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware nestled within JavaScript or PHP files, which can be directly executed by browsers or servers. However, we’re encountering more and more instances of malware that use code from non-executable files (e.g. .txt, .log, etc.), a tactic specifically designed to bypass usual detection rules.

In this blog post, we’ll delve into these techniques, provide some clear …

analysts bad bad actors black hat tactics browsers detection evade files find hacked websites javascript log log files malware non obfuscation php servers tactics techniques txt website website malware infections website security