NodeLoader Exposed: The Node.js Malware Evading Detection

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Zscaler ThreatLabz discovered a malware campaign that uses Node.js applications for Windows to distribute cryptocurrency miners and information stealers. Named NodeLoader, this malware family is packaged as Node.js-compiled executables that deliver second-stage payloads such as XMRig, Lumma, and Phemedrone Stealer. The attackers rely on social engineering, targeting gamers through YouTube and Discord and directing them to malicious websites that imitate legitimate gaming platforms. NodeLoader uses the sudo-prompt module to obtain elevated privileges and employs several evasion techniques. The loader downloads and executes PowerShell scripts, which in turn download and run the additional payloads. The use of Node.js, together with the large size of the compiled executables, complicates detection for some security products and results in low antivirus detection rates.

OPENCTI LABELS:

social engineering, lumma stealer, evasion techniques, node.js, information stealers, game streaming, cryptocurrency miners, nodeloader
