
Novel Stealit malware ensures stealth with Node.js feature abuse


HackRead reports that bogus game and VPN installers have been used to compromise Windows systems with an updated version of the Stealit information-stealing malware, which now abuses Node.js's Single Executable Application (SEA) feature to bypass detection. Using SEA has allowed the illicit files to be bundled into a single program that can run even on systems without Node.js installed, according to an analysis from Fortinet's FortiGuard Labs.

Aside from facilitating file extraction, live screen monitoring, and webcam control, Stealit also enables remote system management, fraudulent alert messages, and ransomware delivery, researchers said. Operators of the malware have also given the latest Stealit variant heavily obfuscated code and comprehensive anti-analysis checks.

Bugcrowd Chief Strategy and Trust Officer Trey Ford regarded the findings as indicative of an evolving, focused cyber campaign. "There is a large population of privileged IT workers that are avid gamers (many moved into IT thanks to a passion for gaming) meaning hardware used for work and play, lateral network access to their laptop, and extortionary material on those users are all levers to be used for coordinated adversarial development," said Ford.
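For triage, an executable built with the SEA feature described above can be recognised by the sentinel fuse that Node.js documents for SEA injection. The following Python code is an added example, not code from the FortiGuard Labs analysis or from Stealit; the function names are hypothetical, and the UTF-16LE check assumes the blob is stored as a PE resource named `NODE_SEA_BLOB`. A match identifies a packaged Node.js application, which is a reason to inspect the file further rather than a verdict on it.

```python
import mmap
import sys

# Sentinel that Node.js documents for SEA injection. A stock node binary holds
# it followed by ":0"; injecting an application blob flips the suffix to ":1".
SEA_FUSE = b"NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2"
# Assumption: on Windows the blob is a PE resource named NODE_SEA_BLOB, and PE
# resource names are stored as UTF-16LE, so that encoding marks an injected blob.
SEA_RESOURCE_UTF16 = "NODE_SEA_BLOB".encode("utf-16-le")


def classify_sea(data):
    """Classify a bytes-like image (bytes or mmap) by its Node.js SEA markers."""
    states = set()
    pos = data.find(SEA_FUSE)
    while pos != -1:  # record the 2-byte state after every copy of the fuse
        end = pos + len(SEA_FUSE)
        states.add(bytes(data[end:end + 2]))
        pos = data.find(SEA_FUSE, end)
    if b":1" in states:
        verdict = "node-sea"        # Node.js runtime with an embedded application
    elif states:
        verdict = "node-runtime"    # fuse present but never flipped
    else:
        verdict = "no-sea-markers"  # not Node.js, or a build with a changed fuse
    return {"verdict": verdict,
            "pe_resource_seen": data.find(SEA_RESOURCE_UTF16) != -1}


def scan_file(path):
    """Memory-map a file (node binaries are large) and classify it."""
    with open(path, "rb") as fh:
        try:
            with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as image:
                return classify_sea(image)
        except ValueError:  # mmap refuses zero-length files
            return classify_sea(b"")


if __name__ == "__main__":
    for target in sys.argv[1:]:
        result = scan_file(target)
        print(f"{target}: {result['verdict']} "
              f"(PE resource name seen: {result['pe_resource_seen']})")
```

Run it with one or more file paths as arguments; a `node-sea` verdict on an installer that does not claim to be a Node.js application is worth a closer look.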
