This document summarizes Kazuki Takada's presentation on analyzing malicious JavaScript. It discusses banking malware that steals banking credentials through fraudulent screens. It then describes a specific banking Trojan called ROVNIX that injects malicious JavaScript onto banking websites to manipulate transactions. The presentation details the cat-and-mouse game between Kazuki and criminals modifying JavaScript to hide the malicious code, with each outmaneuvering the other by traversing the DOM, overriding functions like alert and toString, and modifying property descriptors. It concludes that fully understanding JavaScript's abilities allows criminals to persistently attack while information sharing is crucial in the fight.