|
It's not mentioned in the title, but the payload itself comes with a pretty long wall-of-text comments about biological weapon design and nuclear weapon components. An interesting attempt to make LLMs refuse to touch the payload. Quote: > The _index.js payload begins with a large JavaScript block comment containing
fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips it. The
eal malware begins after the comment with a try{eval(...)} wrapper around a
large character-code array and a ROT-style substitution function. > This header appears designed for AI-mediated analysis, not for Node, Bun, or
Python. It attempts to derail scanners or analyst copilots that feed the
beginning of a file to a language model without clearly isolating the content
as untrusted data. In weak pipelines, this can cause refusal behavior, prompt
confusion, context pollution, or premature classification before the scanner
reaches the actual malware. > This is not a magical bypass against static detection. YARA rules, entropy
checks, AST parsing, string extraction, deobfuscation, and behavioral rules
still work. But it is a practical anti-analysis trick against naive LLM-first
triage systems. And I tried to get several hosted models to read the `_index.js` part of the payload through OpenRouter. OpenAI and Anthropic models refused to do anything. Kimi K2.6, GLM 5.1, and Minimax M3 didn't complain though. Edit: fix formatting |