In many web browsers, the WebAssembly programming language is taking over execution tasks that were once exclusively the domain of JavaScript. Now Wasm is used increasingly for malicious purposes, new research shows.
*
Wasm (the WebAssembly code) has gained significant traction on websites over the past three years. Before WebAssembly, developers were stuck with JavaScript. They didn’t have another choice that could deliver both speed and performance in the same package.
The problem with JavaScript is that it wasn’t designed to be the controller of CPU-intensive tasks and ran into performance problems when it was forced to.
Wasm, on the other hand, benefits from how it formats data, which enables it to speed up execution. This advantage allows for speeds similar to that of a compiled language like C.
The major browser makers have agreed on WebAssembly as a format. It now runs on most modern browsers.
However, there’s a catch, and it’s not trivial.
According to a recent publication by German researchers from Technical University Braunschweig, they discovered that more than half of the Wasm modules they found in the wild and inspected are malicious and used for nefarious purposes.
In their research paper, New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild, the team led by Marius Musch document what they found when they examined the prevalence of WebAssembly modules on Alexa Top 1 Million websites.
Source: TU Braunschweig
The TU Braunschweig researchers didn’t just check if Wasm was used on those sites. They took the measuring a step further ..
Support the originator by clicking the read the rest link below.
