Microsoft warns of the Nodersok malware that has infected thousands of computers in Europe and America.

Computer code on a screen with a skull representing a computer virus / malware attack.

Get real time updates directly on you device, subscribe now.

Microsoft has warned that thousands of Windows computers around the world have been affected by a new strain of malware that downloads and installs a copy of the widely used framework Node.js in order to convert infected systems into agents and to lead scams through Clicks.
 
The malware, called Nodersok in the Microsoft report and “Divergent” in the Cisco Talus report, was discovered during the summer and distributed through malicious ads that forcibly downloaded HTA (HTML) files on computers of the users.
 
Users – who found and activated these HTA files – began a multi-step infection process, including Excel, JavaScript, and PowerShell, which eventually downloaded and installed malware Nodersok.
 
The malware itself also has several components, each with its own role, and there is a PowerShell unit that attempts to disable Windows Defender and Windows Update, and there is a component to enhance system-level malware permissions.
 
There are also two legitimate applications: WinDivert, an application for capturing and interacting with network packets, and Node.js, a well-known developer tool for running JavaScript on Web servers.
 
According to reports from Microsoft and Cisco, the malware uses WinDivert and Node.js on infected hosts to turn them into agents to perform malicious activities.
 
Microsoft claims that malware turns infected hosts into agents that can transmit malicious data, while Cisco claims that malware uses infected hosts for click-based fraud.
 
Malware owners Nodersok can distribute other units to perform additional tasks at any time or even to distribute secondary malware, such as ransomware, or banking Trojans.
 
To prevent infection, Microsoft advises users not to read HTA files on their system, especially if they do not know the exact source of the files.
 
Microsoft has confirmed that Nodersok has infected thousands of devices in recent weeks. The company said most injuries occurred this month, affecting users in the United States and the European Union.
 
Source: Websites

Get real time updates directly on you device, subscribe now.

Loading...