cybersecurity@infosec.pub · 7 days ago

NodeLoader Exposed: The Node.js Malware Evading Detection

www.zscaler.com

1

7

NodeLoader Exposed: The Node.js Malware Evading Detection

www.zscaler.com

cybersecurity@infosec.pub · 7 days ago

1

A technical analysis of how a malware campaign using a game cheat lure leverages Node.js to distribute XMRig, Lumma and Phemedrone Stealer.

Key Takeaways

ThreatLabz has observed threat actors deploying NodeLoader using the Node Package Manager (NPM) pkg module to turn Node.js code into standalone Windows executable files for malicious purposes.

The threat actors employ social engineering and anti-evasion techniques to deliver NodeLoader undetected.

NodeLoader uses a module called sudo-prompt, a publicly available tool on GitHub and NPM, for privilege escalation.

The malware delivered by NodeLoader includes cryptocurrency miners and information stealers.

You must log in or register to comment.

Chat

MrPoopyButthole@lemmy.dbzer0.com
link
fedilink
arrow-up
6·
7 days ago
Lmao they just use node to download a powershell script and run it.

cybersecurity@infosec.pub

cybersecurity@infosec.pub

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

51 users / day
203 users / week
609 users / month
949 users / 6 months
84 local subscribers
3.38K subscribers
593 Posts
831 Comments
Modlog