3.1 How does a browser locker use JavaScript to act as ransomware?

JavaScript provides certain functionalities that can be used to interact with the browser. We do a lot of stuff with our browser, such as closing a browser window, switching tabs, clicking somewhere, and so on. JavaScript can be triggered by any of these activities. JavaScript refers these activities to an event. So, closing a browser window or switching a tab can trigger a JavaScript event.

JavaScript has a window.onbeforeunload event triggered when the user tries to close the browser. One can associate a function with this event, which will be called when one tries to close the browser. In case of browser ransomware, the code in the associated function should open up ransomware warning messages when the victim tries to close the browser.

A browser (or any application) can be shut down with a keystroke combination of Alt + F4. JavaScript also has an event related to keystrokes when one is working on the browser. One can find out what key has been pressed by using event.keyCode in JavaScript. The ransomware, in this case, checks whether Alt + F4 or Alt+Tab has been pressed. If it detects these key events it again opens up a ransomware warning message:

Table of Contents for 3.1 How does a browser locker use JavaScript to act as ransomware?

Create new playlist

Sign In

Sign Up

Table of Contents for
3.1 How does a browser locker use JavaScript to act as ransomware?