Key Takeaways
- ThreatLabz has observed threat actors deploying NodeLoader using the Node Package Manager (NPM) pkg module to turn Node.js code into standalone Windows executable files for malicious purposes.
- The threat actors employ social engineering and anti-evasion techniques to deliver NodeLoader undetected.
- NodeLoader uses a module called sudo-prompt, a publicly available tool on GitHub and NPM, for privilege escalation.
- The malware delivered by NodeLoader includes cryptocurrency miners and information stealers.
You must log in or # to comment.
Lmao they just use node to download a powershell script and run it.