Google has long restricted Gmail file attachments ending in: .exe, .msc, and .bat for security reasons. On Monday 13 February 2017, they added blocking for .js file attachments. A JS file is mainly used to run “client side” JavaScript code on a webpage. Javascript downloaders can be used by criminals to download and execute malicious payloads such as Citadel and TeslaCrypt.
Wapack Labs has reported on JavaScript Downloaders in the past. An archive of related reporting can be found in the Red Sky Alliance Portal.
The following organizations were cited in this report: Google
TLP: AMBER
ACTOR TYPE: (I&II)
SERIAL: TR-034-2017
COUNTRIES: XZ
INDUSTRIES: ALL
REPORT DATE: 20170214
Wapack Labs has reported on JavaScript Downloaders in the past. An archive of related reporting can be found in the Red Sky Alliance Portal.
The following organizations were cited in this report: Google
TLP: AMBER
ACTOR TYPE: (I&II)
SERIAL: TR-034-2017
COUNTRIES: XZ
INDUSTRIES: ALL
REPORT DATE: 20170214