Threat actors misuse Node.js to deliver malware and other malicious payloads
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Since October 2024, threat actors have been leveraging Node.js to deliver malware and payloads for information theft and data exfiltration. A recent malvertising campaign uses cryptocurrency trading themes to lure users into downloading malicious installers. The attack chain includes initial access, persistence, defense evasion, data collection, and payload delivery. The malware gathers system information, sets up scheduled tasks, and uses PowerShell for various malicious activities. Another emerging technique involves inline JavaScript execution through Node.js. Recommendations include educating users, monitoring Node.js execution, enforcing PowerShell logging, and implementing endpoint protection.
OPENCTI LABELS:
remcos, node.js, latrodectus, stilachirat, ahkbot, raccoono365