An attack campaign targeting primarily the U.S. and Europe is leveraging two legitimate tools, the Node.js framework and WinDivert, to install “fileless” malware that appears to either turn victims’ systems into proxies or perpetrate click fraud.
Microsoft, which discovered the campaign in mid-July, said thousands of machines have been targeted in the last several weeks alone, the majority of which belong to consumers.
Fileless threat leverages widely used Node.js framework and WinDivert packet-capture utility to turn infected machines into proxies for malicious behavior. https://t.co/Pkvr5Ar9dz #InfoSec #MobileSecurity #Tech #Ransomware #Websecurity #Vulnerability #CyberSecurity #hacking
— US Cybersecurity Mag. (@USCyberMag) September 27, 2019