An attack campaign targeting primarily the U.S. and Europe is leveraging two legitimate tools, the Node.js framework and WinDivert, to install “fileless” malware that appears to either turn victims’ systems into proxies or perpetrate click fraud. Researchers from both Microsoft Corporation and Cisco Talos yesterday filed separate reports warning of this campaign, which they have named Nodersok and Divergent, respectively. Microsoft, which discovered the campaign in mid-July, said thousands of machines have been targeted in the last several weeks alone, the majority of which belong to consumers. However, roughly three percent of attacks have hit organizations, particularly educational institutions. The U.S. has been targeted 60 percent of the time, followed by the U.K. (21 percent), Germany (8 percent), Italy (5 percent), France (3 percent) and Sweden (1 percent).
Source: SC Magazine