How big is the issue?
Akamai researchers studied more than 10,000 malicious JS samples for cyber threats.
It was found that at least 25% of samples used JS obfuscation techniques to evade detection.
Packers today aid in the propagation of phishing pages, malware droppers, scams, crypto-malware, and even Magecart attacks.
In fact, hackers injected sunburst malware using obfuscation to evade defenses against the 2020 SolarWinds attack.
A historic background
Packers evolved as an alternative to JS libraries to help developers abbreviate the number of bytes downloaded on each page in order to support richer web applications.
Hackers rather saw packers as a way to dodge and bypass security checks.
An example of changing obfuscation frequently
There could be several ways of obfuscating code and wrapping malware as software packages and they cannot be limited. In August, Microsoft reported a group running a phishing campaign, dubbed XLS.HTML, and changing their obfuscation technique at least 10 times within a year. With changing techniques, authors simply repackage common attack methods to disguise their features.
Moreover, hackers have started including user-friendly tools in their phishing attempts with an intent to add more sophistication to obfuscation techniques.