This article details a malspam campaign delivering JavaScript malware, which leverages bulletproof hosting networks to enhance its resilience and evade takedowns. The article does not describe a specific software vulnerability with a CVSS score or fixed version. Security professionals should focus on defending against the attack vector by blocking malicious JavaScript attachments at email gateways and monitoring for suspicious network traffic to known bulletproof hosting IP ranges.
2026-05-26 (Back to Inventory) Pivoting on a malspam infrastructure delivering JS malware backed by bulletproof networks Author(s): CTI Intrinsec , David Sardinha Organization: Intrinsec Open article directly Open article on Archive.org Related Articles 2026-02-27 ⋅ Intrinsec ⋅ Gilbert Kallenborn Analysis of AuraStealer, an emerging infostealer Aura Stealer 2025-11-26 ⋅ Intrinsec ⋅ CTI Intrinsec , David Sardinha Trouble in the air: A spree of campaigns targeting the aerospace industry in Russia DarkWatchman CloudEyE Formbook PhantomCore Remcos 2025-08-28 ⋅ Intrinsec ⋅ David Sardinha VAIZ, FDN3, TK-NET: A nebula of Ukrainian networks engaged in brute force and password spraying attacks Amadey