cybersecurity

3651 readers

8 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

[email protected]

NodeLoader Exposed: The Node.js Malware Evading Detection (www.zscaler.com)

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Key Takeaways

ThreatLabz has observed threat actors deploying NodeLoader using the Node Package Manager (NPM) pkg module to turn Node.js code into standalone Windows executable files for malicious purposes.

The threat actors employ social engineering and anti-evasion techniques to deliver NodeLoader undetected.

NodeLoader uses a module called sudo-prompt, a publicly available tool on GitHub and NPM, for privilege escalation.

The malware delivered by NodeLoader includes cryptocurrency miners and information stealers.

top 1 comments

sorted by: hot top controversial new old

[–] [email protected] 6 points 2 months ago

Lmao they just use node to download a powershell script and run it.