- Aug 17, 2014
- 11,256
A new fileless malicious campaign, dubbed Nodersok by Microsoft Defender ATP Research Team researchers who discovered it, drops its own LOLBins to infect Windows computers with a Node.js-based malware that will turn the devices into proxies.
Unlike other fileless malware attacks that only use living-off-the-land binaries (LOLBins) present on the devices they compromise, the attackers behind Nodersok have been observed while also delivering the legitimate Node.exe Node.js framework and the Windows Packet Divert (WinDivert) network packet capture tool to devices they target.
The campaign attacked thousands of machines within several weeks, with a focus on home users from U.S. and Europe, with roughly 3% of all attacks also targeting organization from industry sectors such as education, business and professional services, healthcare, finance, and retail.
Microsoft Spots Nodersok Malware Campaign That Zombifies PCs
A new fileless malicious campaign, dubbed Nodersok by Microsoft Defender ATP Research Team researchers who discovered it, drops its own LOLBins to infect Windows computers with a Node.js-based malware that will turn the devices into proxies.
www.bleepingcomputer.com
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware | Microsoft Security Blog
A new fileless malware campaign we dubbed Nodersok delivers two very unusual LOLBins to turn infected machines into zombie proxies.
www.microsoft.com