Nodersok Malware: what is it and how to protect your PC
Nodersok is a new piece of malware that goes unnoticed by antivirus programs and has already infected thousands of computers worldwide, mainly in Europe and the United States. The consequences could be significant, so it's best to prepare. We'll fill you in!
What is Nodersok?
Nodersok is fileless malware that attacks Windows computers. It was discovered by the Microsoft Defender ATP Research Team this year, and is very difficult to track because it uses Living-off-the-land Binaries (LOLBins). It has already carried out several attacks against individuals, governments, and companies, among others. So far, most of the attacks have been concentrated in Europe and the United States.
How does Nodersok work?
Nodersok stands out because it manipulates functions from the PC's own operating system, or tools from third parties, to sneak in while deactivating the antivirus' firewall.
This virus reaches computers via online advertising. It uses the Node.js framework, which runs JavaScript outside of internet browsers, and WinDivert, open-source software that allows packet capture and diversion on Windows 2008, 7, 10, and 2016.
How does Nodersok spread?
Once it infects a computer, the virus starts browsing pages with the aim of generating revenue through fake clicks on online advertising. At the same time, it uses proxy servers to continue spreading to other PCs.
How to protect your PC from Nodersok?
Nodersok has attacked many personal computers, so we advise you to be alert. Microsoft has recommended that users avoid running HTA files (HTML applications: apps built from HTML and CSS pages that run much like .exe files). Also, do not save your download history. Most importantly, keep your antivirus updated to receive patches that will keep you safe.
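For administrators who collect process and file-creation logs, the three components named above (HTA files, Node.js and WinDivert) can be turned into a simple triage check. The following is an added example, not code from Microsoft or from the original article. The log records are constructed, and it assumes that HTA files are launched by the Windows host program mshta.exe and that a node.exe under a user profile or ProgramData directory is worth a second look.

```python
import re
from collections import defaultdict

# Constructed records: (host, path of process or file, command line).
# Host names, user names and paths are made up for illustration.
SAMPLE_EVENTS = [
    ("pc-01", r"C:\Windows\System32\mshta.exe",
     r'mshta.exe "C:\Users\ana\Downloads\update.hta"'),
    ("pc-01", r"C:\Users\ana\AppData\Roaming\example\node.exe", "node.exe app.js"),
    ("pc-01", r"C:\Users\ana\AppData\Roaming\example\WinDivert64.sys", ""),
    ("pc-02", r"C:\Program Files\nodejs\node.exe", "node.exe server.js"),
    ("pc-03", r"C:\Windows\System32\mshta.exe", r"mshta.exe C:\Temp\form.hta"),
]

# Assumption: directories an unprivileged user can normally write to.
USER_WRITABLE = re.compile(r"\\(users|programdata)\\", re.I)

def classify(path, cmdline):
    """Return the set of indicator tags that one record matches."""
    p, c = path.lower(), cmdline.lower()
    tags = set()
    # An HTA file being run, either via mshta.exe or named on a command line.
    if p.endswith("\\mshta.exe") or re.search(r'\.hta(\s|"|$)', c):
        tags.add("hta_execution")
    # Node.js running from somewhere other than a normal install location.
    if p.endswith("\\node.exe") and USER_WRITABLE.search(p):
        tags.add("node_in_user_path")
    # Any WinDivert driver or library showing up on the machine.
    if "windivert" in p or "windivert" in c:
        tags.add("windivert_present")
    return tags

def triage(events):
    """Group tags per host; two or more different tags on one host is 'high'."""
    per_host = defaultdict(set)
    for host, path, cmdline in events:
        per_host[host] |= classify(path, cmdline)
    report = {}
    for host, tags in per_host.items():
        if tags:
            severity = "high" if len(tags) >= 2 else "review"
            report[host] = (severity, sorted(tags))
    return report

if __name__ == "__main__":
    for host, (severity, tags) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {severity} ({', '.join(tags)})")
```

A single tag on its own is common on healthy machines, which is why only the combination on one host is rated high.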