Half of the websites using WebAssembly use it for malicious purposes
WebAssembly not that popular: Only 1,639 sites of the Top 1 Million use WebAssembly.
Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year.
WebAssembly is a low-level bytecode language that was created after a joint collaboration between all major browser vendors.
It introduces a new binary file format for transmitting code from a web server to a browser. Once it reaches the browser, WebAssembly code (Wasm) executes with near-native speed, similar to compiled C, C++, or Rust code.
WebAssembly was created for both speed and performance. Due to its binary machine-friendly format, Wasm code is smaller than its equivalent JavaScript form, and also many times faster when executing. This has made WebAssembly the next incarnation of Adobe Flash, allowing websites to run complex CPU-intensive code without freezing a browser, a task for which JavaScript was never designed or optimized.
WebAssembly was first proposed in 2017, was approved as an official W3C (World Wide Web Consortium) standard in late 2019, and is currently supported by all major browsers, on both desktop and mobile devices.
Assessing WebAssembly's use
In an academic research project that was carried out last year, four researchers from the Technical University in Braunschweig, Germany, looked at WebAssembly's use on the Alexa Top 1 Million popular sites on the internet, in an attempt to gauge the popularity of this new technology.
For a period of four days, the research team loaded each of the Alexa Top 1 Million websites, along with three random pages, and measured WebAssembly use, but also the time each site took to run the code.
In total, the research team says it analyzed WebAssembly use on 947,704 sites from the Alexa Top 1 Million (some were offline or had timed out during tests), analyzing code from a total of 3,465,320 individual pages.
"Overall, we discovered 1,639 sites loading 1,950 Wasm modules, of which 150 are unique samples," the research team said.
"This means that some Wasm modules are popular enough to be found on many different sites," they said. "In one case the exact same module was present on 346 different sites."
"On the other hand, 87 samples are completely unique and were found only on one site, which indicates that many modules are a custom development for one website."
Primarily used for cryptomining and gaming
But the research team also looked at the nature of the Wasm code each website was loading. They manually analyzed code, looked at function names and embedded strings, and then mapped out clusters of similar code.
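The function names mentioned above are stored in a Wasm binary's import and export sections, so they can be listed without compiling or running the module. The following is an added example, not the researchers' tooling: `list_names`, its helpers and the sample module bytes are constructed for illustration, and it reads only the import and export sections (not the custom name section or data strings).

```python
# Added illustration; list_names, its helpers and SAMPLE are not from the study.
WASM_HEADER = b"\x00asm\x01\x00\x00\x00"    # magic bytes + version 1

def leb(buf, pos):                          # unsigned LEB128 -> (value, next pos)
    value = shift = 0
    while buf[pos] & 0x80:                  # high bit set: more bytes follow
        value |= (buf[pos] & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
    return value | (buf[pos] << shift), pos + 1

def name(buf, pos):                         # length-prefixed UTF-8 -> (text, next pos)
    size, pos = leb(buf, pos)
    return buf[pos:pos + size].decode("utf-8", "replace"), pos + size

def skip_import_desc(buf, pos):             # step over an import's descriptor
    kind, pos = buf[pos], pos + 1
    if kind == 0:                           # function: type index
        return leb(buf, pos)[1]
    if kind == 3:                           # global: value type + mutability
        return pos + 2
    if kind not in (1, 2):
        raise ValueError(f"unsupported import kind {kind}")
    flag_at = pos + (kind == 1)             # table: element type precedes limits
    end = leb(buf, flag_at + 1)[1]          # limits: flag, min, optional max
    return leb(buf, end)[1] if buf[flag_at] & 1 else end

def list_names(module):                     # import/export names in a Wasm binary
    if module[:8] != WASM_HEADER:
        raise ValueError("not a WebAssembly version 1 binary")
    found, pos = {"imports": [], "exports": []}, 8
    while pos < len(module):
        section_id, (size, p) = module[pos], leb(module, pos + 1)
        pos = p + size                      # start of the next section
        if pos > len(module):
            raise ValueError("truncated section")
        count, p = leb(module, p) if section_id in (2, 7) else (0, p)
        for _ in range(count):              # 2 = imports, 7 = exports
            first, p = name(module, p)
            if section_id == 2:
                second, p = name(module, p)
                found["imports"].append(f"{first}.{second}")
                p = skip_import_desc(module, p)
            else:
                found["exports"].append(first)
                p = leb(module, p + 1)[1]   # skip kind byte and index
    return found

SAMPLE = (WASM_HEADER + b"\x01\x04\x01\x60\x00\x00"   # constructed sample module
          + b"\x02\x0d\x01\x03env\x05abort\x00\x00" + b"\x03\x02\x01\x00"
          + b"\x07\x0e\x01\x0ahash_block\x00\x01" + b"\x0a\x04\x01\x02\x00\x0b")
```

Calling `list_names(SAMPLE)` returns `{'imports': ['env.abort'], 'exports': ['hash_block']}`; a module whose names are all short or meaningless is a cue to look closer, since the article notes that some modules intentionally hide their content.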
Researchers said the vast majority of code samples they analyzed were used for cryptocurrency-mining (32% of the samples) and online gaming (29.3% of samples).
However, while the vast majority of samples were used for legitimate purposes, two categories of Wasm code stood out as inherently malicious.
The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, as part of so-called cryptojacking (drive-by mining) attacks.
The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found to be part of malvertising campaigns.
The research team says that WebAssembly code from these two categories accounted for 38.7% of the samples they found, but the modules were used on more than half of the websites they analyzed, primarily because the code was often reused across multiple domains, part of large-scale hacking operations.
Going forward, researchers say they expect the trend of using WebAssembly code for malicious purposes to gain traction.
"We are currently only seeing the tip of the iceberg of a new generation of malware obfuscations on the Web," the research team said.
Academics recommend that cyber-security firms invest in updating security products to handle the new spectrum of threats that will originate from this new technology.