Legit tools Node.JS and WinDivert abused by fileless malware campaign – Digitalmunition





Published on September 30th, 2019



An attack campaign targeting primarily the U.S. and Europe is leveraging two legitimate tools, the Node.js framework and WinDivert, to install “fileless” malware that appears to either turn victims’ systems into proxies or perpetrate click fraud. Researchers from both Microsoft Corporation and Cisco Talos yesterday filed separate reports warning of this campaign, which they have named Nodersok and Divergent, respectively. Microsoft, which discovered the campaign in mid-July, said thousands of machines have been targeted in the last several weeks alone, the majority of which belong to consumers. However, roughly three percent of attacks have hit organizations, particularly educational institutions. The U.S. has been targeted 60 percent of the time, followed by the U.K. (21 percent), Germany (8 percent), Italy (5 percent), France (3 percent) and Sweden (1 percent).

Source: SC Magazine


