216.73.217.172

Threat actors misuse Node.js to deliver malware and other malicious payloads

· Published 15/04/2025 20:46 · Modified 16/04/2025 14:21

Export JSON

Essential information

Published
15/04/2025 20:46
Modified
16/04/2025 14:21
Tags
2025-04-15 ahkbot latrodectus node.js raccoono365 remcos stilachirat
Related entities
7 techniques (mitre), 6 malware

Description

Since October 2024, threat actors have been leveraging to deliver malware and payloads for information theft and data exfiltration. A recent malvertising campaign uses cryptocurrency trading themes to lure users into downloading malicious installers. The attack chain includes initial access, persistence, defense evasion, data collection, and payload delivery. The malware gathers system information, sets up scheduled tasks, and uses PowerShell for various malicious activities. Another emerging technique involves inline JavaScript execution through . Recommendations include educating users, monitoring execution, enforcing PowerShell logging, and implementing endpoint protection.

External references