We recently analyzed an interesting piece of malware that utilizes the legitimate JavaScript runtime, Deno.

The malware was used as a first-stage implant after the user was tricked into downloading and running it.

Read the full article here:
https://labs.infoguard.ch/posts/anatomy_deno_rat/

Anatomy of a Deno-Based Proxy & RAT - InfoGuard Labs

Analysis of a Deno-based malware intrusion that began with mailbombing and a fake Microsoft Teams IT-support call, leading a victim to execute a malicious archive. The payload is a modular JavaScript RAT/proxy framework using Deno, with components for C2 over WebSocket, local command execution, persistence, and TCP tunneling for internal pivoting.
