More threat actors have been leveraging the widely used open-source cross-platform runtime environment Node.js to covertly deploy malware and other malicious payloads since October, SecurityWeek reports.
Aside from being exploited to execute a routine with various modules allowing browser data exfiltration and potential follow-on illicit cyber activity as part of one attack campaign, Node.js has also been used in another campaign involving the ClickFix social engineering technique to allow direct JavaScript execution in a command, according to an analysis from Microsoft. "While traditional scripting languages like Python, PHP, and AutoIT remain widely used in threats, threat actors are now leveraging compiled JavaScript, or even running the scripts directly in the command line using Node.js, to facilitate malicious activity. This shift in threat actor techniques, tactics, and procedures (TTPs) might indicate that while Node.js-related malware aren't as prevalent, they're quickly becoming a part of the continuously evolving threat landscape," said Microsoft.