FAREIT Joins the JavaScript Train

 Analysis by: Michael Angelo Casayuran

JavaScript downloaders, like JS_NEMUCOD variants, are making noise with its widespread distribution of malware such as ransomware and DRIDEX. These downloaders are usually found in spam as attachments.

In late April 2016, there was a noticeable spike in spam with JS downloader attachments. This time, it delivers FAREIT malware. It is not surprising for FAREIT to use JS downloaders. Apart from its widespread use, JS downloaders are relatively easy to have multiple variants on a single attack, helping it evade detection. The surge of spam delivering FAREIT was observed in Europe, North America, Asia Pacific, Japan, and the Latin American regions. Majority of the spam came from Vietnam, India, and Mexico.

Trend Micro product users, specifically using email protection, are assured that email carrying FAREIT are blocked before it reaches your mailboxes. Web protection also ensures the download of malicious files, should spam carrying malware be opened.

 SPAM BLOCKING DATE / TIME: April 21, 2016 GMT-8
  • ENGINE:8.0
  • PATTERN:2276