New hard-to-detect Malware is in active development and is currently making its way around thousands of computers across Europe and US, according to Microsoft and Cisco Talos.
The malware, dubbed Nodersok by Microsoft, or Divergent by Cisco Talos; works by turning your computer into a proxy to facilitate the spread of the malware, using Node.js framework and WinDivert -which is a user-mode packet capture-and-divert package for Windows: 2008, 7, 10 and 2016.
A Cisco Talos described the Malware’s activities in these terms:
This malware can be leveraged by an attacker to target corporate networks and appears to be primarily designed to conduct click-fraud. It also features several characteristics that have been observed in other click-fraud malware, such as Kovter.
Windows Defender may be able to identify and block Nodersok aka Divergent, but detecting infection in the first case is a lot more difficult.:
It employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar.
Microsoft advises users to avoid running HTA files found on their systems and to keep an eye out for unrecognised files; ensuring you don’t run any that you cant identify the origin of.