Fake Online Speedtest Application
Essential information
- Published: 25/09/2025 09:20
- Modified: 25/09/2025 14:54
- Tags: 2025-09-25 evilai fake applications javascript payload node.js scheduled tasks
- Related entities: 170 observables, 10 techniques (MITRE)
Description
An analysis of several Windows applications masquerading as legitimate utilities reveals a covert malware operation. These apps, including fake speed testers and AI search tools, install a Node.js runtime and execute obfuscated JavaScript via scheduled tasks. The malware communicates with a command and control server, potentially allowing arbitrary code execution. The operation's sophistication lies in its use of seemingly benign applications as cover for persistent background processes. The malware's capabilities include encoded network communications and the ability to receive and execute remote commands. This technique significantly expands the attack surface, as the malicious component operates independently from the visible application.