https://www.sciencedaily.com/releases/2019/10/191022115234.htm

"When you go to most websites, your browser starts running the site's JavaScript programs pretty much immediately -- and you have little or no idea of what that JavaScript is doing," says Alexandros Kapravelos, co-author of a paper on VisibleV8 and an assistant professor of computer science at NC State. "Previous state-of-the-art malware detection systems rely on making changes to JavaScript code in order to see how the code is being executed. But this approach is easily detected, allowing malware programs to alter their behavior in order to avoid being identified as malicious.

"VisibleV8 runs in the browser itself, recording how JavaScript is executed; it doesn't interact with the code and, as a result, is far more difficult to detect."