New Node.js Trojan Threatens Gamers


New Node.js Trojan Threatens Gamers (Jun 19, 2019)

Researchers at Doctor Web have identified a new type of trojan written in Javascript that uses Node.js to execute itself. Using websites that post video games cheats, a 7zip file containing what the user believes are cheats is downloaded, with the trojan contained in the archive. Once the executable file is ran, the trojan is downloaded and installed, gathering system information and running a cryptocurrency miner.

Recommendation: This story serves as a reminder of the potential risk in regards to following random links, particularly those that have been shortened because it can be difficult to see where it will resolve. Cryptocurrency miners causes a high CPU usage, therefore, if fans seem to be running on a machine, the activity/task manager should be checked to see if miners are unknowingly running.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.