Windows malware turns PCs into zombies

News
By
published

Nodersok malware has already infected thousands of Windows PCs

(Image credit: Pixabay)

A new malware campaign responsible for infecting thousands of Windows PCs worldwide has been discovered by Microsoft.

The Microsoft Defender ATP Research Team found the malware, dubbed Nodersok, and explained in a blog post that it is distributed through malicious adverts which force a Windows system to download HTZ files that are used in HTML apps.

Once a user finds and clicks on the HTZ files on their system, this starts a process that opens Powershell scripts, Excel and JavaScript to download and install the Nodersok malware.

According to Microsoft, the malware is fileless and utilizes living-off-the-land binaries (LOLBins) to tap into exiting tools and functionalities in a Windows System. Nodersok then downloads legitimate modules such as Windivert.dll/sys and Node.exe from the Node.JS framework to carry out its work. However, malicious files and executables are never written to an infected machine's disk.

Nodersok malware

After a system has been fully infected, Nodersok can then turn it into a zombie-like proxy machine used to launch other cyberattacks and even create a relay server that can give hackers access to command and control servers as well as other compromised devices. This helps hackers hide their activity from security researchers looking for suspicious behavior.

In addition to Microsoft, Cisco's security division Talos also discovered the malware and named it Divergent. Security researchers at the company found that the infected machines were being used to commit click fraud on targeted corporate networks.

In its blog post, Microsoft researchers explained how they discovered the Nodersok malware campaign, saying:

“The campaign is particularly interesting not only because it employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar. We uncovered this campaign in mid-July, when suspicious patterns in the anomalous usage of MSHTA.exe emerged from Microsoft Defender ATP telemetry.”

For those concerned about their systems being infected by Nodersok, Microsoft has updated its free antivirus software Microsoft Defender to detect the malware.

Via The Inquirer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Latest in News
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up
Hospital
Major Oracle outage hits US Federal health record systems
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
iPad Pro 13-inch 2024 on a table
The OLED iPad Pro is reportedly less popular than expected – and that could mean these changes to Apple's OLED iPad plans
Sam Porter cradles a baby
Death Stranding 2: On the Beach trailer confirms June release date and an even more harrowing post-apocalyptic world
The Ray-Ban Meta Coperni smart glasses
The new Ray-Ban Meta smart glasses design is an expensive disappointment
More about security
How to prevent cyberattacks

NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps

Agentic AI has “profound” issues with security and privacy, Signal President says
Bluetooth

Top Bluetooth chip security flaw could put a billion devices at risk worldwide
See more latest
Most Popular
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Michelle and Kid Cosmo watching a video projected onto a screen in Netflix's The Electric State movie
'We could not achieve that with puppetry or animatronics': Joe and Anthony Russo didn't want to build real-life robots for The Electric State for two big reasons
Workers at computers in an office
Cybersecurity workers aren't massively happy with their employers - but they are being paid pretty well
Nvidia logo on a dark background
Nvidia's GeForce graphics driver woes continue for some users, despite 572.75 hotfix's overclock and black screen promises
Garmin Fenix 8 AMOLED watch on wrist
Garmin owners were confused about 13.35 software update for Fenix 8, here's what actually happened
An AI face in profile against a digital background.
Worried about DeepSeek? Well, Google Gemini collects even more of your personal data
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
iPad Pro 13-inch 2024 on a table
The OLED iPad Pro is reportedly less popular than expected – and that could mean these changes to Apple's OLED iPad plans
Chrome icon on Android
The US government still wants Google to sell off Chrome
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up